Overcoming Barriers in Security DSLs with BabbelPhish: Empowering Detection Engineers using Large Language Models

Presented at BSidesLV 2023, Aug. 9, 2023, noon (Unknown duration).

The rise of detection-as-code platforms has revolutionized threat detection, analysis, and mitigation by leveraging domain-specific languages (DSLs) to streamline security management. However, learning these DSLs can be challenging for new detection engineers. In this talk, we introduce BabbelPhish, an innovative approach utilizing large language models to bridge the gap between natural language queries and security DSLs. We demonstrate its application to MQL, Sublime Security's free DSL for email security, and its potential extension to other DSLs. BabbelPhish enables users to harness the full potential of detection-as-code platforms with familiar natural language expressions, facilitating seamless transitions from triage to querying and coding. We will discuss BabbelPhish's architecture, training process, and optimization techniques for translation accuracy and MQL query validity. Through live demonstrations and user interviews, we will showcase its real-world applications and implementation options, such as a VSCode plugin. Join us as we explore how large language models can integrate natural language capabilities with the precision of security DSLs, streamlining security management and threat hunting, and making detection-as-code platforms accessible to a wider range of security professionals.

Presenters:

  • Bobby Filar
    Bobby Filar is a machine learning researcher and the Head of Data Science at Sublime Security. He leads the development and integration of machine learning technologies for the company's email security platform. Before joining Sublime Security, Bobby led Security ML teams at Endgame and Elastic, where he spearheaded data science research on malware classification. His research interests span various topics, including reinforcement learning, adversarial machine learning, and natural language understanding.

Links:

Similar Presentations: