Chatbots to ChatGPT in a Cybersecurity Space: Evolution,   Vulnerabilities, Attacks, Challenges, and Future Recommendations

Attia Qammar; Hongmei Wang; Jianguo Ding; Abdenacer Naouri; Mahmoud; Daneshmand; Huansheng Ning

arXiv:2306.09255·cs.CR·June 16, 2023·20 cites

Chatbots to ChatGPT in a Cybersecurity Space: Evolution, Vulnerabilities, Attacks, Challenges, and Future Recommendations

Attia Qammar, Hongmei Wang, Jianguo Ding, Abdenacer Naouri, Mahmoud, Daneshmand, Huansheng Ning

PDF

Open Access

TL;DR

This paper reviews the evolution of chatbots from rule-based systems to ChatGPT, analyzes cybersecurity threats and vulnerabilities associated with them, and discusses future strategies to mitigate these risks in the AI-driven landscape.

Contribution

It provides a comprehensive overview of chatbot development, details specific cybersecurity vulnerabilities in ChatGPT, and proposes future directions for enhancing security in AI chatbots.

Findings

01

ChatGPT has been exploited to generate malware, phishing emails, and undetectable zero-day attacks.

02

Cybercriminals exploit chatbot vulnerabilities for malicious activities.

03

Strategies are needed to mitigate cybersecurity threats in AI chatbots.

Abstract

Chatbots shifted from rule-based to artificial intelligence techniques and gained traction in medicine, shopping, customer services, food delivery, education, and research. OpenAI developed ChatGPT blizzard on the Internet as it crossed one million users within five days of its launch. However, with the enhanced popularity, chatbots experienced cybersecurity threats and vulnerabilities. This paper discussed the relevant literature, reports, and explanatory incident attacks generated against chatbots. Our initial point is to explore the timeline of chatbots from ELIZA (an early natural language processing computer program) to GPT-4 and provide the working mechanism of ChatGPT. Subsequently, we explored the cybersecurity attacks and vulnerabilities in chatbots. Besides, we investigated the ChatGPT, specifically in the context of creating the malware code, phishing emails, undetectable…

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.

Taxonomy

TopicsAdvanced Malware Detection Techniques · Spam and Phishing Detection · Artificial Intelligence in Healthcare and Education

MethodsMulti-Head Attention · Attention Is All You Need · Linear Layer · Position-Wise Feed-Forward Layer · Label Smoothing · Absolute Position Encodings · Layer Normalization · Byte Pair Encoding · Residual Connection · Softmax