Please use this identifier to cite or link to this item:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/91033
Title: | 運用生成式人工智慧協撰惡意程式行為分析敘事文本 Unleashing Malware Analysis and Understanding with Generative AI |
Authors: | 陳志剛 Zhi-Kang Chen |
Advisor: | 孫雅麗 Yea-Li Sun |
Keyword: | Dynamic Analysis, Attack Scenario Graph, Natural Language Generation |
Publication Year : | 2023 |
Degree: | Master's |
Abstract: | The world is in an age of information explosion, and information technology has become an indispensable part of human life. With it come a range of information security problems, among which malware analysis is a major area, since attack techniques of every kind rely on malware. Malware behavior is currently often analyzed through dynamic analysis: the malware is placed in a sandbox and evidence of its activity is captured by recording its execution. This evidence usually consists of low-level language.
Many security companies produce technical reports from these sandbox recordings, but most of the report content is hard to digest. For information security managers who need to grasp and communicate threat intelligence, and for general readers learning the security field, it better meets practical needs to convert these reports into malware technical summary reports that are easier to understand and carry semantics (written in natural language). At present, however, such summaries mostly rely on security experts producing them by hand, and there is no efficient way to generate them. This thesis aims to solve the problem that low-level structural semantics are hard to understand. It plans to convert each detailed step of the System Call Trace semantically, from low-level language into high-level syntax that is easy for humans to read, and to consolidate the result into an article with the assistance of ChatGPT, so that researchers can quickly understand the activities of malicious programs in the most natural way. |
URI: | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/91033 |
DOI: | 10.6342/NTU202302735 |
Fulltext Rights: | Authorization granted (open to the public worldwide) |
metadata.dc.date.embargo-lift: | 2024-08-14 |
Appears in Collections: | Department of Information Management |
Files in This Item:
File | Size | Format | |
---|---|---|---|
ntu-111-2.pdf | 7.22 MB | Adobe PDF | View/Open |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.