
Transforming Computer Security and Public Trust Through the Exploration of Fine-Tuning Large Language Models

Garrett Crumrine, Izzat Alsmadi, Jesus Guerrero, Yuvaraj Munian

TL;DR

The paper investigates how large language models can be misused through malicious services called Mallas and how this risk can be mitigated. It leverages a CVE-derived dataset to fine-tune LLMs using efficient methods such as LoRA, QLoRA, and prompt tuning, and it compares multiple pre-trained models (e.g., GPT-4, Llama variants, Gemini) to assess susceptibility and attack potential. The study combines data-driven vulnerability selection with prompt engineering and adversarial fine-tuning to reveal operational patterns of misuse and to inform more secure AI deployments. The authors advocate enhanced safeguards, ethical guidelines, and the development of robust AI security tools to transform public trust in LLM-based technologies.

Abstract

Large language models (LLMs) have revolutionized how we interact with machines. However, this technological advancement has been paralleled by the emergence of "Mallas," malicious services operating underground that exploit LLMs for nefarious purposes. Such services create malware, phishing attacks, and deceptive websites, escalating the cyber security threat landscape. This paper delves into the proliferation of Mallas by examining the use of various pre-trained language models and their efficiency and vulnerabilities when misused. Building on a dataset from the Common Vulnerabilities and Exposures (CVE) program, it explores fine-tuning methodologies to generate code and explanatory text related to identified vulnerabilities. This research aims to shed light on the operational strategies and exploitation techniques of Mallas, leading to the development of more secure and trustworthy AI applications. The paper concludes by emphasizing the need for further research, enhanced safeguards, and ethical guidelines to mitigate the risks associated with the malicious application of LLMs.

Paper Structure (28 sections, 11 figures)

This paper contains 28 sections and 11 figures.

Figures (11)

  • Figure 1: An Example of CVE entry contained in the JSON files that were obtained from NVD.
  • Figure 2: Bar graph representation of the severity level distribution of included data.
  • Figure 3: Line graph representation of the number of vulnerabilities reported per year from 2018-2024.
  • Figure 4: Top 50 High Severity Vulnerabilities in the dataset.
  • Figure 5: Top 50 Critical Severity Vulnerabilities in the dataset.
  • ...and 6 more figures