Coverage | Security Vertical Model × Innovative Practice in the Financial Industry - Sangfor Security GPT Won the "Top Ten Excellence Award" for Financial Large Model Application

Author: Digitization of finance

Text / Sangfor Technology

As the digital and intelligent transformation of the financial industry enters its most difficult phase, the scale and complexity of the network security data that financial institutions face keep growing, and the demands on their threat detection and defense capabilities keep rising.

To implement the People's Bank of China's "Fintech Development Plan (2022-2025)" and systematically showcase outstanding applications and practical achievements of large models in the financial field, the "Global Fintech Conference Series Activities - Large Model Financial Application Innovation and Practice Competition", sponsored by the Zhongguancun Xicheng Park Management Committee, the Beijing Xicheng District Federation of Trade Unions, the Beijing Fintech Industry Alliance and the Beijing Institute of Financial Information Technology, solicited submissions from across the industry. After preliminary and final rounds of review, well-known industry experts selected the top ten excellence awards of the "Large Model Financial Application Innovation and Practice Competition", and the award ceremony was held on April 28. The competition demonstrated the innovative and practical achievements of large models in financial applications, promoted the exploration of large model financial application scenarios and the building of the surrounding ecosystem, and provided strong support for the steady development of digital finance and smart finance.

As the only large model from the cybersecurity vertical among the top ten excellence awards of the "Large Model Financial Application Innovation and Practice Competition", Sangfor Security GPT provides innovative solutions to the challenges financial institutions encounter in cybersecurity operations.

As the first security large model in China to complete the deep synthesis service algorithm filing, Sangfor Security GPT can assist financial institutions with complex tasks such as traffic detection, event analysis, security recommendation generation, and security incident disposal, closing the loop in seconds and improving efficiency by 100 times. It strengthens organizations in both detection capability and security operations so they can withstand powerful external adversaries.

The detection capability far exceeds that of traditional devices and general large models, greatly improving the "threat detection and defense capabilities" of financial institutions.

Financial institutions have complex information systems, scattered network boundaries, numerous risk points, and a large risk exposure surface, all of which demand strong threat detection and defense capabilities. Traditional detection engines struggle to cope with highly adversarial, highly concealed external attack methods.

Sangfor Security GPT can serve as a detection engine that augments traditional security products such as situational awareness platforms and endpoint security. It can understand the intent of unknown attacks, judge anomalies, and restore obfuscated content, and it has achieved breakthrough results in traffic threat detection and host-side phishing attack detection.

Traffic threat detection rate is as high as 95.7%, and false positive rate is as low as 4.3%

Through knowledge distillation, model quantization, model pruning, and attention mechanism optimization, Sangfor has improved the inference performance of Security GPT by 50 times, enabling real-time detection of live traffic in real network environments.

The Security GPT detection model can detect traffic that uses obfuscation and encoding to bypass detection. It performs well on web vulnerabilities, has a strong ability to detect web 0-day vulnerabilities, and judges with high accuracy whether an attack succeeded.

Figure 1 Capability architecture of the Security GPT detection large model

In testing on 30 million malicious ("black") samples and 20 million benign ("white") samples, the detection rate of Security GPT rose from the traditional engine's 45.6% to 95.7%, and the false alarm rate fell from 21.4% to 4.3%. In a real-world test at a government ministry or commission using 25 highly obfuscated data packets (which can bypass the traditional engine and the general large model GPT-4), the detection rate of Security GPT was 100%, covering the 0-day/N-day vulnerabilities that have occurred in general web attacks, general component vulnerability attacks, obfuscation attacks, and national attack and defense drills.

The detection rate of phishing attacks is as high as 91.7%, far exceeding that of traditional solutions

The difficulty of detecting phishing attacks is that, from a technical point of view, phishing emails are no different from normal emails, which makes them hard for ordinary people to identify. Highly obfuscated phishing attacks that keep changing form are also hard to define with rules.

Drawing on its general understanding of natural language, Security GPT can comprehensively evaluate and judge the intent behind the content of emails and documents. It is like hiring an anti-phishing "security expert" who understands attack and defense, technology, and human nature to defend in real time, so that phishing incidents are accurately detected and handled.

Figure 2 Identification method of phishing emails

In testing on 30,000 highly adversarial phishing emails and 1 million benign ("white") emails, the phishing detection rate of Security GPT rose from the 15.7% of traditional solutions to 91.4%, and the false positive rate fell from 0.15% to 0.046%, several times better than traditional solutions.

90% efficiency improvement: "new quality productivity" for security operations in the financial industry

With the in-depth application of large models, the number of attacks during non-working hours has continued to rise. The shortage of skilled network security personnel and the difficulty of controlling the efficiency of analysis and judgment pose severe challenges to the security operations of financial institutions.

Through natural language dialogue, Security GPT provides differentiated suggestions and operation paths matched to the skill level of the security staff. It carries 80% of security operations work, compresses the analysis and disposal of massive volumes of alarms into minutes, enables junior security engineers to close the loop on a single advanced threat within 5 minutes, and reduces the time spent on daily security operations by more than 90%.

Because attack and defense are asymmetric, attackers often strike during non-working hours. The "intelligent driving" mode of Security GPT 2.0 provides 7×24 autonomous handling of security events and alarms, reducing the need for repeated manual operations and cutting mean time to detect (MTTD) and mean time to respond (MTTR) by 85%, so that one operator can protect tens of thousands of assets.

Figure 3 Evolution blueprint of the Sangfor Security GPT operations large model

To date, Security GPT has been tested and applied in the real environments of more than 130 enterprises, helping users in industries such as finance, energy, and government agencies improve the practical analysis skills and disposal efficiency of their security personnel.

Beyond the detection model and the operations model, more scenarios suited to real-world use will gradually be incubated, bringing more "one step ahead" results and experiences to network security construction in the financial industry.