{"id":12457,"date":"2023-06-12T09:28:54","date_gmt":"2023-06-12T09:28:54","guid":{"rendered":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/?post_type=session&#038;p=12457"},"modified":"2024-09-03T02:29:33","modified_gmt":"2024-09-03T02:29:33","slug":"commsec-words-have-meaning-leveraging-llms-to-enhance-insider-threat-investigation-capabilities","status":"publish","type":"session","link":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/commsec-words-have-meaning-leveraging-llms-to-enhance-insider-threat-investigation-capabilities\/","title":{"rendered":"COMMSEC: Words Have Meaning! Leveraging LLMs to Enhance Insider Threat Investigation Capabilities"},"content":{"rendered":"<div class=\"simple_format\">\n<p><strong><a href=\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/materials\/D2%20COMMSEC%20-%20Words%20Have%20Meaning!%20Leveraging%20LLMs%20to%20Enhance%20Insider%20Threat%20Investigation%20Capabilities%20-%20Keggy%20the%20Keg.pdf\">PRESENTATION SLIDES<\/a><\/strong><\/p>\n<p style=\"text-align: justify;\">In this talk we present novel methods for the use of Generative AI &#8211; specifically Large Language Models (LLMs) to enhance the ability of cybersecurity investigators to trace and deter unauthorized exfiltration of text data that involves an air gap (shift in transmission mediums that resists digital forensic analysis). We review the definition of an air gap in this context, and describe the current state of the art with regards with digital watermarking and DLP to frame the discussion.<\/p>\n<p>We then introduce 2 practical applications &#8211; one simple\/naive, one more sophisticated &#8211; that leverage an LLM (tested on Senku 70B, possibly others by the time of the presentation) to inject what we term \u201csemantic watermarking\u201d in such a way that regardless of the exfiltration method, the watermark can be both preserved with relatively high integrity as well as deterministically associated with an individual actor. This enables an investigative team to identify either malicious insider actors, or compromised users within their environment.<\/p>\n<p>We also review tradeoffs in deployment of these applications, and then close with discussion of potentially more sophisticated implementations that would extend this capability to other forms of data such as audio or video.<\/p>\n<\/div>\n","protected":false},"template":"","class_list":["post-12457","session","type-session","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>COMMSEC: Words Have Meaning! Leveraging LLMs to Enhance Insider Threat Investigation Capabilities - HITBSecConf2024 - Bangkok<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/commsec-words-have-meaning-leveraging-llms-to-enhance-insider-threat-investigation-capabilities\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"COMMSEC: Words Have Meaning! Leveraging LLMs to Enhance Insider Threat Investigation Capabilities - HITBSecConf2024 - Bangkok\" \/>\n<meta property=\"og:description\" content=\"PRESENTATION SLIDES In this talk we present novel methods for the use of Generative AI &#8211; specifically Large Language Models (LLMs) to enhance the ability of cybersecurity investigators to trace and deter unauthorized exfiltration of text data that involves an air gap (shift in transmission mediums that resists digital forensic analysis). We review the definition [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/commsec-words-have-meaning-leveraging-llms-to-enhance-insider-threat-investigation-capabilities\/\" \/>\n<meta property=\"og:site_name\" content=\"HITBSecConf2024 - Bangkok\" \/>\n<meta property=\"article:modified_time\" content=\"2024-09-03T02:29:33+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/commsec-words-have-meaning-leveraging-llms-to-enhance-insider-threat-investigation-capabilities\/\",\"url\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/commsec-words-have-meaning-leveraging-llms-to-enhance-insider-threat-investigation-capabilities\/\",\"name\":\"COMMSEC: Words Have Meaning! Leveraging LLMs to Enhance Insider Threat Investigation Capabilities - HITBSecConf2024 - Bangkok\",\"isPartOf\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/#website\"},\"datePublished\":\"2023-06-12T09:28:54+00:00\",\"dateModified\":\"2024-09-03T02:29:33+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/commsec-words-have-meaning-leveraging-llms-to-enhance-insider-threat-investigation-capabilities\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/commsec-words-have-meaning-leveraging-llms-to-enhance-insider-threat-investigation-capabilities\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/commsec-words-have-meaning-leveraging-llms-to-enhance-insider-threat-investigation-capabilities\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Session\",\"item\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"COMMSEC: Words Have Meaning! Leveraging LLMs to Enhance Insider Threat Investigation Capabilities\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/#website\",\"url\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/\",\"name\":\"HITBSecConf2024 - Bangkok\",\"description\":\"August 26 - 30 @ InterContinental\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"COMMSEC: Words Have Meaning! Leveraging LLMs to Enhance Insider Threat Investigation Capabilities - HITBSecConf2024 - Bangkok","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/commsec-words-have-meaning-leveraging-llms-to-enhance-insider-threat-investigation-capabilities\/","og_locale":"en_US","og_type":"article","og_title":"COMMSEC: Words Have Meaning! Leveraging LLMs to Enhance Insider Threat Investigation Capabilities - HITBSecConf2024 - Bangkok","og_description":"PRESENTATION SLIDES In this talk we present novel methods for the use of Generative AI &#8211; specifically Large Language Models (LLMs) to enhance the ability of cybersecurity investigators to trace and deter unauthorized exfiltration of text data that involves an air gap (shift in transmission mediums that resists digital forensic analysis). We review the definition [&hellip;]","og_url":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/commsec-words-have-meaning-leveraging-llms-to-enhance-insider-threat-investigation-capabilities\/","og_site_name":"HITBSecConf2024 - Bangkok","article_modified_time":"2024-09-03T02:29:33+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/commsec-words-have-meaning-leveraging-llms-to-enhance-insider-threat-investigation-capabilities\/","url":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/commsec-words-have-meaning-leveraging-llms-to-enhance-insider-threat-investigation-capabilities\/","name":"COMMSEC: Words Have Meaning! Leveraging LLMs to Enhance Insider Threat Investigation Capabilities - HITBSecConf2024 - Bangkok","isPartOf":{"@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/#website"},"datePublished":"2023-06-12T09:28:54+00:00","dateModified":"2024-09-03T02:29:33+00:00","breadcrumb":{"@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/commsec-words-have-meaning-leveraging-llms-to-enhance-insider-threat-investigation-capabilities\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/commsec-words-have-meaning-leveraging-llms-to-enhance-insider-threat-investigation-capabilities\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/commsec-words-have-meaning-leveraging-llms-to-enhance-insider-threat-investigation-capabilities\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/"},{"@type":"ListItem","position":2,"name":"Session","item":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/"},{"@type":"ListItem","position":3,"name":"COMMSEC: Words Have Meaning! Leveraging LLMs to Enhance Insider Threat Investigation Capabilities"}]},{"@type":"WebSite","@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/#website","url":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/","name":"HITBSecConf2024 - Bangkok","description":"August 26 - 30 @ InterContinental","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-json\/wp\/v2\/session\/12457"}],"collection":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-json\/wp\/v2\/session"}],"about":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-json\/wp\/v2\/types\/session"}],"wp:attachment":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-json\/wp\/v2\/media?parent=12457"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}