Course Details
| Course | CSC-791 LLMs in Security |
| --- | --- |
| Meeting Location | 1212 EB2 |
| Meeting Times | Tu/Th 8:30AM - 9:45AM |
| Credits | 3 |
| Instructor | Alexandros Kapravelos (akaprav at ncsu.edu) |
| Office Hours | By appointment |
Course Resources
You can find the class schedule and all slides from the lectures here.
We will use Discord for our communication.
The recorded lectures will be available here.
Course Prerequisites/Corequisites
None.
Course Overview
This course will explore the use of large language models (LLMs) in the field of cybersecurity. LLMs are a type of artificial intelligence (AI) that are trained on massive amounts of text data. This allows them to generate text, including code, making them important to study from a security perspective. In this course, we will discuss the following topics:
- An overview of LLMs and their capabilities
- The use of LLMs in security applications
- The potential security risks of using LLMs
- Best practices for using LLMs securely
Textbooks and Reading Material
This course has no formal textbook. The course readings will come from research papers and other informative sources.
Student Learning Outcomes
By the end of this course, students will be able to:
- Critique published research
- Understand the fundamentals of Large Language Models (LLMs) and their capabilities in the context of cybersecurity.
- Identify and evaluate potential security risks associated with the use of LLMs, such as prompt injection, insecure output handling, training data poisoning, and overreliance.
- Apply best practices for securing LLM-enabled applications, including mitigation strategies for various security risks.
- Critically assess the outputs of LLMs to avoid compromised decision-making and security vulnerabilities.
- Gain practical experience in applying LLMs to real-world cybersecurity scenarios and case studies.
Course Structure and Grading
The course will consist of several homework assignments that contribute to the final grade in the following proportions:
| Weight | Component |
| --- | --- |
| 20% | Participation |
| 20% | Reviews |
| 20% | CTF challenge |
| 40% | Group Project |
The final letter grade will be based on the final percentage as follows:
- A+: 97% and above
- A: 93% up to 97%
- A-: 90% up to 93%
- B+: 87% up to 90%
- B: 83% up to 87%
- B-: 80% up to 83%
- C+: 77% up to 80%
- C: 73% up to 77%
- C-: 70% up to 73%
- D+: 67% up to 70%
- D: 63% up to 67%
- D-: 60% up to 63%
- F: below 60%
REG 02.50.03 (Grades and Grade Point Average) describes the grade point interpretation of letter grades.
Course Schedule
See the course schedule. Note that the schedule is subject to change as the semester evolves.
Roles
This semester we will be using the following roles for guiding the discussion of papers:
- Scientific Peer Reviewer
- Archaeologist
- Illustrator
- Academic Researcher
- Industry Practitioner
- Penetration Tester
- Private Investigator
- Threat Model Reviewer
- Reproducibility Hacker (double weight)
- Ethics Investigator
In every lecture we are going to discuss the papers from different angles, and each role is expected to be ready to comment on the paper based on that role's responsibility. No full-blown presentation is expected, but we are going to use a single presentation per paper, open for edits to all students who would like to guide the discussion with additional material. Some roles (like the Illustrator) are expected to rely heavily on visual guides to drive the discussion, so having some slides prepared will lead to a higher quality discussion.
Paper Discussions
Students will prepare to discuss each paper from our reading list during class. The expectation is that these presentations will be high quality, informed, insightful, and interesting. Since all current conferences require pre-recorded presentations these days, we will be experimenting with presenting research work under those same conditions.
Reviews/Reports
Students are expected to read relevant papers every week. Students should submit their reviews/reports on hotcrp before the paper’s discussion. Students that have a role other than the Scientific Peer Reviewer should submit a report on hotcrp with their findings.
Class Participation
To do well in this course, students must actively participate in discussion and demonstrate comprehension of the reading and lecture themes. Students are required to do the assigned readings every week and provide reviews/reports for them. This will be closely monitored by the instructor, making a student's ability to demonstrate their comprehension of papers essential to receiving a passing grade. Students are expected to be active in the discussion of every paper, answering questions that other students have and leading a constructive discussion about the papers.
Late Policy
No late reviews/deliverables will be accepted. Students with legitimate reasons who contact the professor before the deadline may apply for an extension.
Attendance Policy
All meetings will be in person for this class, but they will also be available via Panopto recordings. You need to inform the instructor of any absences before class, since this will affect our discussions.
The university policy on excused absences will be observed (see http://policies.ncsu.edu/regulation/reg-02-20-03).
Ethics Statement
This course considers topics involving personal and public privacy and security. As part of this investigation we will cover technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measures for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class. This is a very serious issue – violations may not just be immoral, they may violate federal laws.
When in doubt, please contact the course professor for advice. Do not undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from the instructor.
University Policies
Academic Integrity and Honesty
Students are required to comply with the university policy on academic integrity found in the Code of Student Conduct. Therefore, students are required to uphold the university pledge of honor and exercise honesty in completing any assignment.
Please refer to the Academic Integrity web page for a detailed explanation of the University’s policies on academic integrity and some of the common understandings related to those policies.
Students may be required to disclose personally identifiable information to other students in the course, via electronic tools like email or web-postings, where relevant to the course. Examples include online discussions of class topics and posting of student coursework. All students are expected to respect the privacy of each other by not sharing or using such information outside the course.
Students are responsible for reviewing the NC State University PRRs, which pertain to their course rights and responsibilities:
- Equal Opportunity and Non-Discrimination Policy Statement and additional references
- Code of Student Conduct
- Grades and Grade Point Average
- Credit-Only Courses
- Audits
Students with Disabilities
Reasonable accommodations will be made for students with verifiable disabilities. In order to take advantage of available accommodations, students must register with the Disability Resource Office at Holmes Hall, Suite 304, Campus Box 7509, 919-515-7653. For more information on NC State's policy on working with students with disabilities, please see the Academic Accommodations for Students with Disabilities Regulation (REG 02.20.01).
Trans-Inclusive Statement
In an effort to affirm and respect the identities of transgender students in the classroom and beyond, please contact me if you wish to be referred to using a name and/or pronouns other than what is listed in the student directory.
Basic Needs Security
Any student who faces challenges securing their food or housing, or has other severe adverse experiences, and believes this may affect their performance in the course is encouraged to notify the professor if they are comfortable doing so. Alternatively, students can contact the Division of Academic and Student Affairs to learn more about the Pack Essentials program: https://dasa.ncsu.edu/pack-essentials/
Course Evaluation
ClassEval is the end-of-semester survey for students to evaluate the instruction of all university classes. The current survey is administered online and includes 12 closed-ended questions and 3 open-ended questions. Deans, department heads, and instructors may add a limited number of their own questions to these 15 common-core questions. Each semester students’ responses are compiled into a ClassEval report for every instructor and class. Instructors use the evaluations to improve instruction and include them in their promotion and tenure dossiers, while department heads use them in annual reviews. The reports are included in instructors’ personnel files and are considered confidential. Online class evaluations will be available for students to complete during the last two weeks of the semester for full-semester courses and the last week of shorter sessions. Students will receive an email directing them to a website to complete class evaluations. These become unavailable at 8 am on the first day of finals.
- Contact ClassEval Help Desk: [email protected]
- ClassEval website
- More information about ClassEval
Syllabus Modification Statement
Our syllabus represents a flexible agreement. It outlines the topics we will cover and the order in which we will cover them. Dates for assignments represent the earliest possible time they would be due. The pace of the class depends on student mastery and interests. Thus, minor changes in the syllabus can occur if we need to slow down or speed up the pace of instruction.