注意线索：LLM 在真实恶意软件分析中应用线索驱动的逆向工程.pdf

《注意线索：LLM 在真实恶意软件分析中应用线索驱动的逆向工程.pdf》由会员分享，可在线阅读，更多相关《注意线索：LLM 在真实恶意软件分析中应用线索驱动的逆向工程.pdf（61页珍藏版）》请在三个皮匠报告上搜索。

1、#BHUSA BlackHatEventsClue-driven Reverse Engineering by LLMin Real-world Malware AnalysisPay Attention to the ClueResearch Team Lead CyCraft TechnologyResearch focusesAI/LLMRed TeamingCloud SecurityConference PresentationsHITCON CMT/ENTBlack Hat Europe ArsenalUSENIX Security PosterCybersecurity boar

2、d games creatorTien-Chih Lin(Dange)Senior Cybersecurity Researcher CyCraft TechnologyAreas of ExpertiseMalware AnalysisIncident ResponseConference PresentationsHITCON CMTCODE BLUE BlueBoxSINCONIEEE DSCWei-Chieh Chao(oalieno)Cybersecurity Researcher CyCraft TechnologyConference PresentationsUSENIX 20

3、24 PosterAVTokyoCYBERSECCTF Player:TWN48,Balsn,w33dGitHub:asef18766Zhao-Min Chen(Jim)How to know LLM is hallucinating?5Optimization Guide from OpenAIRAGAll of the aboveFine-tuningPrompt engineeringContext optimizationWhat the modelneeds to knowLLM optimizationHow the model needs to actResym(CCS24)LL

4、M4Decompile(EMNLP 2024)aiDAPalDeGPT(NDSS 2024)ReverserAI(Recon 2024)6The Single-Source TrustAre you sure?Absolutely sure.7How to know someone is lying?Lie DetectorReference Check8EmbeddingAttention+Linear&SoftmaxMLP+InputOutputMethod 1:Reference CheckThe attention mechanism reveals the models token

5、focus during generation.Method 2:Lie DetectorThe softmax probability distribution indicates the generations uncertainty.AttentionAttentionmultiple layers How to know LLM is hallucinating?9Method 2:Lie DetectorThe softmax probability distribution indicates the generations uncertainty.How to know LLM

6、is hallucinating?Embedding+MLP+InputOutputmultiple layers Linear&SoftmaxAttentionAttentionAttentionMethod 1:Reference CheckThe attention mechanism reveals the models token focus during generation.10Multi-Head AttentionEmbedding+MLP+InputOutputmultiple layers Linear&SoftmaxAttentionAttentionAttention