Hackphyr: A Local Fine-Tuned LLM Agent for Network Security Environments

TL;DR

Hackphyr introduces a locally fine-tuned 7-billion-parameter LLM agent for network security, outperforming larger models and baselines in complex cybersecurity scenarios while maintaining privacy and cost advantages.

Contribution

The paper presents Hackphyr, a novel, locally fine-tuned LLM for cybersecurity, with a new task-specific dataset and analysis of agent behaviors, enabling effective network security applications.

Findings

Hackphyr achieves performance comparable to GPT-4.

Outperforms GPT-3.5-turbo and Q-learning baselines.

Provides insights into LLM agent planning and limitations.

Abstract

Large Language Models (LLMs) have shown remarkable potential across various domains, including cybersecurity. Using commercial cloud-based LLMs may be undesirable due to privacy concerns, costs, and network connectivity constraints. In this paper, we present Hackphyr, a locally fine-tuned LLM to be used as a red-team agent within network security environments. Our fine-tuned 7 billion parameter model can run on a single GPU card and achieves performance comparable with much larger and more powerful commercial models such as GPT-4. Hackphyr clearly outperforms other models, including GPT-3.5-turbo, and baselines, such as Q-learning agents in complex, previously unseen scenarios. To achieve this performance, we generated a new task-specific cybersecurity dataset to enhance the base model's capabilities. Finally, we conducted a comprehensive analysis of the agents' behaviors that provides insights into the planning abilities and potential shortcomings of such agents, contributing to the broader understanding of LLM-based agents in cybersecurity contexts