Abstract: The present disclosure provides an approach of providing, to an artificial intelligence (AI) model, a malicious script that includes a malicious behavior. The AI model is configured to modify software code of the malicious script to produce modified software code that obfuscates the malicious behavior. The approach produces, by a processing device using the AI model, an adversarial script that includes the modified software code that obfuscates the malicious behavior. In turn, the approach initiates a malware detector to test the adversarial script.

Abstract: A system and method of scrubbing sensitive data from records using patterns and large language models (LLM). The method includes receiving a request to process a record comprising data including sensitive data. The method includes identifying, based on one or more regex rules, a first set of scrubbing candidates associated with the record. The method includes identifying, by a processing device and based on a large language model (LLM), a second set of scrubbing candidates associated with the record. The method includes generating, based on the first set of scrubbing candidates and the second set of scrubbing candidates, a scrubbed record by scrubbing the record to remove the sensitive data.

Abstract: Systems and methods of actor attribution utilizing a machine learning (ML) model, such as a large language model (LLM), are provided. The method includes generating a first ML model based on first data associated with a first cybersecurity incident of a plurality of cybersecurity incidents. The method includes training the first ML model based on actor attribution associated with the first cybersecurity incident to generate a second ML model. The method includes receiving second data that is associated with a second cybersecurity incident of the plurality of cybersecurity incidents. The method includes producing, by a processing device for the second ML model using the second data, an attribution of the second cybersecurity incident to an actor.

Abstract: Methods and systems for applying a diffusion model to adversarial purification and generating adversarial samples in malware detection are disclosed. According to an example, a malware file is inputted to a diffusion model to obtain an adversarial sample by altering content of the malware file. The adversarial sample is further tested by a malware detector. In some examples, the content of an input file may be encoded prior to be processed by the diffusion model. If the malware detector can identify the adversarial sample as a malware file, the diffusion model is updated to further alter the content until the adversarial sample successfully deceives the malware detector. According to another example, an executable file is purified using a diffusion model prior to be inputted to a malware detector. The diffusion model may remove potential malware content from the executable file, thus improving the performance of the malware detector.

Abstract: A command line anomaly detection system can generate anomaly scores associated with command line entries, such that command line entries associated with the highest anomaly scores can be identified. The command line anomaly detection system can include a transformer model trained, via unsupervised machine learning, to determine meanings of components of individual command line entries. The command line anomaly detection system can also include an anomaly detection model trained, via unsupervised machine learning, to determine anomaly scores based on the meanings of components of individual command line entries determined by the transformer model.