LLMs as Hackers: Autonomous Linux Privilege Escalation Attacks (2310.11409v6)

Abstract: Penetration-testing is crucial for identifying system vulnerabilities, with privilege-escalation being a critical subtask to gain elevated access to protected resources. LLMs presents new avenues for automating these security practices by emulating human behavior. However, a comprehensive understanding of LLMs' efficacy and limitations in performing autonomous Linux privilege-escalation attacks remains under-explored. To address this gap, we introduce hackingBuddyGPT, a fully automated LLM-driven prototype designed for autonomous Linux privilege-escalation. We curated a novel, publicly available Linux privilege-escalation benchmark, enabling controlled and reproducible evaluation. Our empirical analysis assesses the quantitative success rates and qualitative operational behaviors of various LLMs -- GPT-3.5-Turbo, GPT-4-Turbo, and Llama3 -- against baselines of human professional pen-testers and traditional automated tools. We investigate the impact of context management strategies, different context sizes, and various high-level guidance mechanisms on LLM performance. Results show that GPT-4-Turbo demonstrates high efficacy, successfully exploiting 33-83% of vulnerabilities, a performance comparable to human pen-testers (75%). In contrast, local models like Llama3 exhibited limited success (0-33%), and GPT-3.5-Turbo achieved moderate rates (16-50%). We show that both high-level guidance and state-management through LLM-driven reflection significantly boost LLM success rates. Qualitative analysis reveals both LLMs' strengths and weaknesses in generating valid commands and highlights challenges in common-sense reasoning, error handling, and multi-step exploitation, particularly with temporal dependencies. Cost analysis indicates that GPT-4-Turbo can achieve human-comparable performance at competitive costs, especially with optimized context management.

• The paper introduces HackingBuddyGPT, an LLM-driven prototype for autonomous Linux privilege escalation attacks evaluated on a controlled benchmark.
• Empirical results show GPT-4-Turbo achieved 33–83% success, closely approaching the 75% performance of human penetration testers.
• Optimized context management and targeted guidance techniques highlight LLMs' potential for reliable, cost-effective penetration testing.

"LLMs as Hackers: Autonomous Linux Privilege Escalation Attacks"

Introduction

This paper investigates the application of LLMs in autonomously performing Linux privilege-escalation attacks, a critical aspect within the field of penetration testing. Privilege escalation involves exploiting system vulnerabilities to gain elevated access, and the emergence of LLMs offers a novel approach to automating this process. The paper introduces HackingBuddyGPT, a fully automated LLM-driven prototype, designed to evaluate the efficacy of LLMs—specifically GPT-3.5-Turbo, GPT-4-Turbo, and Llama3—in Linux privilege escalation tasks.

Method and Benchmark Design

The authors created a controlled experimental setup using a newly curated Linux privilege-escalation benchmark. This benchmark consists of multiple single-vulnerability virtual machines, facilitating reproducible evaluations. HackingBuddyGPT employs an LLM-driven control loop, executing commands autonomously to exploit vulnerabilities detected on target systems. The system utilizes a next-command LLM-prompt, enriched by state management strategies and optional guidance mechanisms, to generate and deploy exploitation commands.

Figure 1: High-Level Overview of the testbed and HackingBuddyGPT, detailing the interaction between LLM modules and the virtual machine test environment.

Empirical Results

The empirical analysis measured both quantitative success rates and qualitative operational behaviors against baselines of human penetration-testers and traditional automated tools. Key findings revealed that GPT-4-Turbo demonstrated high efficacy, achieving exploitation success rates of 33–83%, comparable to human testers at 75%. Context management strategies and high-level guidance significantly enhanced LLM performance. GPT-3.5-Turbo showed moderate success rates (16–50%), while Llama3 presented limited success.

Figure 2: Graph of accumulated context token usage over time for different LLMs.

Qualitative Analysis

Qualitative assessment identified both strengths and challenges faced by LLMs in command generation. LLMs exhibited difficulties in common-sense reasoning and error handling, often failing to exploit detected vulnerabilities fully. Despite costs associated with the use of LLMs, optimized context management showed potential for competitive cost-effectiveness per vulnerability exploited, suggesting practical feasibility alongside traditional methods.

Implications and Future Directions

The research provides essential insights into the current capabilities and limitations of LLMs in automated penetration testing. It proposes a future direction towards more effective LLM-guided security tools, emphasizing the necessity for improved task-specific guidance and cost-efficiency. The development of advanced models and strategies could further enhance the reliability of LLM-driven penetration testing systems.

Conclusion

The study establishes a foundation for benchmarking LLM capabilities in security practices, promoting subsequent research aimed at augmenting existing penetration testing methodologies with LLM-assisted solutions. The implications highlight the potential transformative impact of LLMs on cybersecurity, advocating for continued exploration to optimize and integrate LLM technologies in practical security environments.