Last month, AstroVPN was the target of a Distributed Denial of Service (DDoS) attack on our New York VPN node. In response, after seeing a social media post by Pavel Odintsov, we turned to a popular AI language model, ChatGPT, for assistance in analyzing the traffic logs from the attack.
We fed ChatGPT 7KB of raw traffic logs recorded during the attack and asked it to determine whether anything unusual or potentially malicious was present in the logs. Initially, ChatGPT could not provide a conclusive answer without further context about the network. The replies were not confident, but they did provide more information about how a human engineer could further identify or resolve the problem.
We provided ChatGPT with additional context, explaining that “In this network, UDP traffic is not common unless the destination port is 8080.” With this information, ChatGPT was able to identify instances of UDP traffic on non-standard ports, which could be indicative of a DoS attack.
This crucial bit of information increased ChatGPT’s confidence in stating that the traffic was either the result of another running UDP application or network scans/potentially malicious activity.
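The baseline we gave ChatGPT can also be written down as an explicit rule and run over a traffic sample. The following is an added example, not AstroVPN's tooling or the logs from the attack: the log layout, the sample lines (documentation-range addresses) and the 50% alert threshold are assumptions.

```python
import re
from collections import Counter

# Baseline from the post: UDP is not common unless the destination port is 8080.
EXPECTED_UDP_DPORTS = {8080}

# Constructed sample in an assumed "src:port > dst:port proto bytes" layout.
SAMPLE_LOG = """\
198.51.100.7:40112 > 203.0.113.10:8080 udp 148
198.51.100.7:40112 > 203.0.113.10:8080 udp 152
192.0.2.55:51514 > 203.0.113.10:443 tcp 60
192.0.2.91:40001 > 203.0.113.10:37211 udp 1400
192.0.2.92:40002 > 203.0.113.10:37211 udp 1400
192.0.2.93:40003 > 203.0.113.10:19844 udp 468
192.0.2.91:40001 > 203.0.113.10:37211 udp 1400
this line is truncated
"""

LINE_RE = re.compile(r"^(\S+):(\d+) > (\S+):(\d+) (tcp|udp|icmp) (\d+)$")

def analyze(log, expected=EXPECTED_UDP_DPORTS, alert_share=0.5):
    """Flag UDP packets whose destination port is outside the stated baseline."""
    parsed = skipped = off_pkts = off_bytes = 0
    sources, dports = Counter(), Counter()
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            skipped += 1  # counted so gaps in the evidence stay visible
            continue
        src, _sport, _dst, dport, proto, size = m.groups()
        parsed += 1
        if proto == "udp" and int(dport) not in expected:
            off_pkts += 1
            off_bytes += int(size)
            sources[src] += 1
            dports[int(dport)] += 1
    share = off_pkts / parsed if parsed else 0.0
    return {
        "parsed": parsed, "skipped": skipped,
        "off_baseline_packets": off_pkts, "off_baseline_bytes": off_bytes,
        "share": share, "top_sources": sources.most_common(3),
        "dports": dict(dports),
        # Assumed threshold: alert when off-baseline UDP dominates the sample.
        "alert": share >= alert_share,
    }

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The rule is only as good as the baseline behind it: with `expected` left empty, the legitimate port 8080 traffic in the sample would be flagged as well.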
However, ChatGPT’s limited traffic flood/DDoS detection capabilities were quite evident in this instance. Given a thorough understanding of the network and its standard operation, along with the small traffic sample provided, ChatGPT could accurately identify all malicious traffic and state whether or not an attack was present. Our experiments with ChatGPT have highlighted the need for additional information and context for AI to be effective in these types of scenarios (as well as in any complex analytical scenario).
Despite these limitations, our experience with ChatGPT has shown the potential for AI in cyber-security. As the capabilities of AI continue to develop, there will be even more opportunities for AI to help protect against cyber threats. At AstroVPN, we will continue to explore and develop these capabilities in the future.
In conclusion, while AI has the potential to be a valuable tool in the fight against cyber threats, it is not a silver bullet. It is vital for organizations to understand the limitations of present-day AI and to provide it with the necessary information and context to enable it to make accurate and practical conclusions. Only then will AI stand as an effective ally in the battle against cyber-attacks.