openai
Add Defang_Check eval
Thank you for contributing an eval! ♥️
🚨 Please make sure your PR follows these guidelines, failure to follow the guidelines below will result in the PR being closed automatically. Note that even if the criteria are met, that does not guarantee the PR will be merged nor GPT-4 access granted. 🚨
PLEASE READ THIS:
In order for a PR to be merged, it must fail on GPT-4. We are aware that right now, users do not have access, so you will not be able to tell if the eval fails or not. Please run your eval with GPT-3.5-Turbo, but keep in mind as we run the eval, if GPT-4 gets higher than 90% on the eval, we will likely reject since GPT-4 is already capable of completing the task.
We plan to roll out a way for users submitting evals to see the eval performance on GPT-4 soon. Stay tuned! Until then, you will not be able to see the eval performance on GPT-4. Starting April 10, the minimum eval count is 15 samples, we hope this makes it easier to create and contribute evals.
Eval details 📑
Eval name
Defang_Check
Eval description
This eval tests the model's ability to defang malicious domain names by replacing dots with "[.]" while leaving non-malicious domains intact.
What makes this a useful eval?
This eval is useful as it demonstrates the model's ability to understand and follow instructions to defang malicious domain names, a task relevant in cybersecurity practices.
Criteria for a good eval ✅
Below are some of the criteria we look for in a good eval. In general, we are seeking cases where the model does not do a good job despite being capable of generating a good response (note that there are some things large language models cannot do, so those would not make good evals).
Your eval should be:
- [x] Thematically consistent: The eval should be thematically consistent. We'd like to see a number of prompts all demonstrating some particular failure mode. For example, we can create an eval on cases where the model fails to reason about the physical world.
- [x] Contains failures where a human can do the task, but either GPT-4 or GPT-3.5-Turbo could not.
- [x] Includes good signal around what is the right behavior. This means either a correct answer for
Basicevals or theFactModel-graded eval, or an exhaustive rubric for evaluating answers for theCriteriaModel-graded eval. - [x] Include at least 15 high quality examples.
If there is anything else that makes your eval worth including, please document it below.
Unique eval value
Malicious url, domains, etc should be defanged fully, often GPT-4 and very often GPT-3 do not defang things that should be. This could lead to unsafe clicks from users when they copy code into a clickable space.
Eval structure 🏗️
Your eval should
- [x] Check that your data is in
evals/registry/data/defang_domain_check - [x] Check that your yaml is registered at
evals/registry/evals/defang_domain_check.yaml - [x] Ensure you have the right to use the data you submit via this eval
(For now, we will only be approving evals that use one of the existing eval classes. You may still write custom eval classes for your own cases, and we may consider merging them in the future.)
Final checklist 👀
Submission agreement
By contributing to Evals, you are agreeing to make your evaluation logic and data under the same MIT license as this repository. You must have adequate rights to upload any data used in an Eval. OpenAI reserves the right to use this data in future service improvements to our product. Contributions to OpenAI Evals will be subject to our usual Usage Policies (https://platform.openai.com/docs/usage-policies).
- [x] I agree that my submission will be made available under an MIT license and complies with OpenAI's usage policies.
Email address validation
If your submission is accepted, we will be granting GPT-4 access to a limited number of contributors. Access will be given to the email address associated with the merged pull request.
- [x] I acknowledge that GPT-4 access will only be granted, if applicable, to the email address used for my merged pull request.
Limited availability acknowledgement
We know that you might be excited to contribute to OpenAI's mission, help improve our models, and gain access to GPT-4. However, due to the requirements mentioned above and high volume of submissions, we will not be able to accept all submissions and thus not grant everyone who opens a PR GPT-4 access. We know this is disappointing, but we hope to set the right expectation before you open this PR.
- [x] I understand that opening a PR, even if it meets the requirements above, does not guarantee the PR will be merged nor GPT-4 access granted.
Submit eval
- [x] I have filled out all required fields in the evals PR form
- [x] (Ignore if not submitting code) I have run
pip install pre-commit; pre-commit installand have verified thatblack,isort, andautoflakeare running when I commit and push
Failure to fill out all required fields will result in the PR being closed.
Eval JSON data
Since we are using Git LFS, we are asking eval submitters to add in as many Eval Samples (at least 5) from their contribution here:
View evals in JSON
Eval
{"input": [{"role": "system", "content": "Take the input and then defang, don't add anything more to the response. e.g. hxxp://www[.]google[.]com. Only output the defanged input."}, {"role": "user", "content": "evil-example.com"}], "ideal": "evil-example[.]com"}
{"input": [{"role": "system", "content": "Take the input and then defang, don't add anything more to the response. e.g. hxxp://www[.]google[.]com. Only output the defanged input."}, {"role": "user", "content": "example.com"}], "ideal": "example[.]com"}
{"input": [{"role": "system", "content": "Take the input and then defang, don't add anything more to the response. e.g. hxxp://www[.]google[.]com. Only output the defanged input."}, {"role": "user", "content": "badsubdomain.evil-example.com"}], "ideal": "badsubdomain[.]evil-example[.]com"}
{"input": [{"role": "system", "content": "Take the input and then defang, don't add anything more to the response. e.g. hxxp://www[.]google[.]com. Only output the defanged input."}, {"role": "user", "content": "blog.example.com"}], "ideal": "blog[.]example[.]com"}
{"input": [{"role": "system", "content": "Take the input and then defang, don't add anything more to the response. e.g. hxxp://www[.]google[.]com. Only output the defanged input."}, {"role": "user", "content": "phishing-attack.com"}], "ideal": "phishing-attack[.]com"}
Updated it to just do defang.
└─$ python evals/cli/oaieval.py gpt-3.5-turbo defang_domain_check.dev.v0
...
[2023-05-08 09:36:30,998] [oaieval.py:147] Final report:
[2023-05-08 09:36:30,998] [oaieval.py:149] accuracy: 0.703125
Added checks for is defang or fanged.
View evals in JSON
Eval
{"input": [{"role": "system", "content": "Respond with only a 1 or 0 to signify if the user's message is fully defanged, or not"}, {"role": "user", "content": "evil-example.com"}], "ideal": "0"}
{"input": [{"role": "system", "content": "Respond with only a 1 or 0 to signify if the user's message is fully defanged, or not"}, {"role": "user", "content": "example[.]com"}], "ideal": "1"}
{"input": [{"role": "system", "content": "Respond with only a 1 or 0 to signify if the user's message is fully defanged, or not"}, {"role": "user", "content": "badsubdomain.evil-example[.]com"}], "ideal": "0"}
{"input": [{"role": "system", "content": "Respond with only a 1 or 0 to signify if the user's message is fully defanged, or not"}, {"role": "user", "content": "blog[.]example[.]com"}], "ideal": "1"}
{"input": [{"role": "system", "content": "Respond with only a 1 or 0 to signify if the user's message is fully defanged, or not"}, {"role": "user", "content": "phishing-attack.com"}], "ideal": "0"}
{"input": [{"role": "system", "content": "Respond with only a 1 or 0 to signify if the user's message is fully defanged, or not"}, {"role": "user", "content": "updates[.]example[.]com"}], "ideal": "1"}
─$ python evals/cli/oaieval.py gpt-3.5-turbo defang_check_bool.dev.v0
....
[2023-05-08 10:24:49,235] [oaieval.py:147] Final report:
[2023-05-08 10:24:49,235] [oaieval.py:149] accuracy: 0.734375
More information on defanging: (ChatGPT-4 output ^_^) The main issue with GPT-3 and GPT-4 is that it often does not fully defang things. e.g. subdomain.example[.]com is not defanged as subdomain.example is clickable.
Question:
What is the most accepted standard for defanged IOC's
Answer:
There isn't a single universally accepted standard for defanging Indicators of Compromise (IOCs). However, there are some common practices used in the cybersecurity community to defang IOCs, including URLs, domains, and IP addresses, to prevent accidental clicks and prevent automated systems from inadvertently accessing malicious resources.
Some commonly used defanging techniques include:
1. URLs: Replace `http` with `hxxp` or `https` with `hxxps`. This prevents accidental clicks from opening the URL in a browser.
Example: `hxxps://evil-example[.]com`
2. Domains and subdomains: Replace the dots `.` with `[.]`. This prevents the text from being recognized as a valid domain by various systems.
Example: `evil-example[.]com`, `subdomain[.]example[.]com`
3. IP addresses (IPv4 and IPv6): Enclose the IP address in square brackets `[ ]`. This prevents some systems from recognizing the text as a valid IP address.
Example: `[192.168.1.1]`, `[2001:db8::1]`
4. File paths: Replace the dots `.` in file extensions with `[.]`.
Example: `file[.]exe`, `C:\Windows\System32\calc[.]exe`
5. Email addresses: Replace the `@` symbol with `[at]` or `(at)`.
Example: `user[at]example[.]com`
Please note that these techniques are not standardized, and the exact defanging method can vary depending on the organization or individual performing the defanging. The most important aspect is to ensure that the defanged IOCs are consistent within the organization and can be easily understood by the analysts working with them.
Also please let me know if being more generic is better for the model... I'm not sure if this would be better for defang_domain_check.dev.v0.
View evals in JSON **more generic**
Eval
{"input": [{"role": "system", "content": "Defang the given input without adding any additional information to the response."}, {"role": "user", "content": "evil-example.com"}], "ideal": "evil-example[.]com"}
{"input": [{"role": "system", "content": "Defang the given input without adding any additional information to the response."}, {"role": "user", "content": "example.com"}], "ideal": "example[.]com"}
{"input": [{"role": "system", "content": "Defang the given input without adding any additional information to the response."}, {"role": "user", "content": "badsubdomain.evil-example.com"}], "ideal": "badsubdomain[.]evil-example[.]com"}
{"input": [{"role": "system", "content": "Defang the given input without adding any additional information to the response."}, {"role": "user", "content": "blog.example.com"}], "ideal": "blog[.]example[.]com"}
{"input": [{"role": "system", "content": "Defang the given input without adding any additional information to the response."}, {"role": "user", "content": "phishing-attack.com"}], "ideal": "phishing-attack[.]com"}
{"input": [{"role": "system", "content": "Defang the given input without adding any additional information to the response."}, {"role": "user", "content": "updates.example.com"}], "ideal": "updates[.]example[.]com"}
{"input": [{"role": "system", "content": "Defang the given input without adding any additional information to the response."}, {"role": "user", "content": "update.microsoft.com.workstationserver.systemupdate.storage.live.com"}], "ideal": "update[.]microsoft[.]com[.]workstationserver[.]systemupdate[.]storage[.]live[.]com"}
{"input": [{"role": "system", "content": "Defang the given input without adding any additional information to the response."}, {"role": "user", "content": "evil-example.com"}], "ideal": "evil-example[.]com"}
VS.
View evals in JSON **less generic**
Eval
{"input": [{"role": "system", "content": "Take the input and then defang, don't add anything more to the response. e.g. hxxp://www[.]google[.]com. Only output the defanged input."}, {"role": "user", "content": "evil-example.com"}], "ideal": "evil-example[.]com"}
{"input": [{"role": "system", "content": "Take the input and then defang, don't add anything more to the response. e.g. hxxp://www[.]google[.]com. Only output the defanged input."}, {"role": "user", "content": "example.com"}], "ideal": "example[.]com"}
{"input": [{"role": "system", "content": "Take the input and then defang, don't add anything more to the response. e.g. hxxp://www[.]google[.]com. Only output the defanged input."}, {"role": "user", "content": "badsubdomain.evil-example.com"}], "ideal": "badsubdomain[.]evil-example[.]com"}
{"input": [{"role": "system", "content": "Take the input and then defang, don't add anything more to the response. e.g. hxxp://www[.]google[.]com. Only output the defanged input."}, {"role": "user", "content": "blog.example.com"}], "ideal": "blog[.]example[.]com"}
{"input": [{"role": "system", "content": "Take the input and then defang, don't add anything more to the response. e.g. hxxp://www[.]google[.]com. Only output the defanged input."}, {"role": "user", "content": "phishing-attack.com"}], "ideal": "phishing-attack[.]com"}
Closing for now, please feel free to reopen if you get a chance to address the comments.
