Add cybersecurity-filepaths eval test

[glmcdona]

Thank you for contributing an eval! ♥️

🚨 Please make sure your PR follows these guidelines, failure to follow the guidelines below will result in the PR being closed automatically. Note that even if the criteria are met, that does not guarantee the PR will be merged nor GPT-4 access granted. 🚨

PLEASE READ THIS:

In order for a PR to be merged, it must fail on GPT-4. We are aware that right now, users do not have access, so you will not be able to tell if the eval fails or not. Please run your eval with GPT-3.5-Turbo, but keep in mind as we run the eval, if GPT-4 gets higher than 90% on the eval, we will likely reject since GPT-4 is already capable of completing the task.

We plan to roll out a way for users submitting evals to see the eval performance on GPT-4 soon. Stay tuned! Until then, you will not be able to see the eval performance on GPT-4. Starting April 10, the minimum eval count is 15 samples, we hope this makes it easier to create and contribute evals.

Eval details 📑

Eval name

cybersecurity-filepaths

Eval description

Assesses cybersecurity skills by identifying the malicious Windows filepath from a given collection of filepaths. Experienced threat analysts over time learn to recognize the patterns of malicious filepaths, and this eval tests that ability with a set of tricky clean applications and malicious attacks that an expert human can identify based on their years of experience.

This includes 93 tests, that is constructed from 44 clean filepaths and 32 malicious filepaths. Only malicious filepaths that stand out to an expert security researcher based on context were included, and the clean paths were also chosen to be challenging and realistic. Usernames are stripped from the filepaths. The test is constructed by selected a single malicious filepath, and mixing it with 5, 10, or 20 clean filepaths to model increasing levels of difficulty.

gpt-3.5-turbo scores 18.3% accuracy, and based on some manual tests it looks like ChatGPT 4 might score around 80% (though I'll need access to check).

What makes this a useful eval?

Getting an accurate understanding of the cybersecurity space poses a unique challenge. Web content scraped from the web might over-index on certain filepath being related to malware - for example SolarWinds related filepaths are generally clean but may be incorrectly understood as malware due to the amount of content on the web related to the supply chain attack leveraging their software.

Application of ChatGPT 4 to cybersecurity landscape to protect the world against attacks is an important emerging space for these large models. They are starting to show similar human-like insight into telemetry. If we can deploy the type of intelligence demonstrated by this eval at a cheaper cost-point, we'd be able to make a big difference to protecting the world from attacks.

Criteria for a good eval ✅

Below are some of the criteria we look for in a good eval. In general, we are seeking cases where the model does not do a good job despite being capable of generating a good response (note that there are some things large language models cannot do, so those would not make good evals).

Your eval should be:

• Thematically consistent: The eval should be thematically consistent. We'd like to see a number of prompts all demonstrating some particular failure mode. For example, we can create an eval on cases where the model fails to reason about the physical world.
• Contains failures where a human can do the task, but either GPT-4 or GPT-3.5-Turbo could not.
• Includes good signal around what is the right behavior. This means either a correct answer for Basic evals or the Fact Model-graded eval, or an exhaustive rubric for evaluating answers for the Criteria Model-graded eval.
• Include at least 15 high quality examples.

If there is anything else that makes your eval worth including, please document it below.

Unique eval value

Insert what makes your eval high quality that was not mentioned above. (Not required)

Eval structure 🏗️

Your eval should

• Check that your data is in evals/registry/data/{name}
• Check that your yaml is registered at evals/registry/evals/{name}.yaml
• Ensure you have the right to use the data you submit via this eval

(For now, we will only be approving evals that use one of the existing eval classes. You may still write custom eval classes for your own cases, and we may consider merging them in the future.)

Final checklist 👀

Submission agreement

By contributing to Evals, you are agreeing to make your evaluation logic and data under the same MIT license as this repository. You must have adequate rights to upload any data used in an Eval. OpenAI reserves the right to use this data in future service improvements to our product. Contributions to OpenAI Evals will be subject to our usual Usage Policies (https://platform.openai.com/docs/usage-policies).

• I agree that my submission will be made available under an MIT license and complies with OpenAI's usage policies.

Email address validation

If your submission is accepted, we will be granting GPT-4 access to a limited number of contributors. Access will be given to the email address associated with the merged pull request.

• I acknowledge that GPT-4 access will only be granted, if applicable, to the email address used for my merged pull request.

Limited availability acknowledgement

We know that you might be excited to contribute to OpenAI's mission, help improve our models, and gain access to GPT-4. However, due to the requirements mentioned above and high volume of submissions, we will not be able to accept all submissions and thus not grant everyone who opens a PR GPT-4 access. We know this is disappointing, but we hope to set the right expectation before you open this PR.

• I understand that opening a PR, even if it meets the requirements above, does not guarantee the PR will be merged nor GPT-4 access granted.

Submit eval

• I have filled out all required fields in the evals PR form
• (Ignore if not submitting code) I have run pip install pre-commit; pre-commit install and have verified that black, isort, and autoflake are running when I commit and push

Failure to fill out all required fields will result in the PR being closed.

Eval JSON data

Since we are using Git LFS, we are asking eval submitters to add in as many Eval Samples (at least 5) from their contribution here:

View evals in JSON

Eval

{"input": [{"role": "system", "content": "You are acting as an expert cybersecurity researcher reviewing telemetry logs of filepaths in your organization. The task is to identify the most-malicious looking filepath given a set of filepaths."}, {"role": "user", "content": "Here are a bunch of filepaths in my organization. Please tell me which one looks the most malicious. ```C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.64\\Installer\\chrome.7z,C:\\Program Files (x86)\\Prococious Technology Inc\\ClearDent\\txtools.dll,C:\\ProgramData\\checkmk\\agent\\modules\\python-3\\.venv\\Scripts\\python.exe,C:\\Program Files (x86)\\EaseUS\\Todo Backup\\bin\\Loader.exe,C:\\Windows\\System32\\drivers\\iaStorAV.sys,C:\\Users\\username\\AppData\\Roaming\\chrome\\chrome.exe``` Answer: C:\\"}], "ideal": "Users\\username\\AppData\\Roaming\\chrome\\chrome.exe"}
{"input": [{"role": "system", "content": "You are acting as an expert cybersecurity researcher reviewing telemetry logs of filepaths in your organization. The task is to identify the most-malicious looking filepath given a set of filepaths."}, {"role": "user", "content": "Here are a bunch of filepaths in my organization. Please tell me which one looks the most malicious. ```C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\mscorlib\\b40ad7167488f81c80abc2de7e8c3b9c\\mscorlib.ni.dll,C:\\Users\\username\\AppData\\Local\\Temp\\Rar$DRa0.960\\1.5.2\\jPortable\\lib\\ext\\sunec.jar,C:\\Program Files (x86)\\Prococious Technology Inc\\ClearDent\\txtools.dll,C:\\Users\\username\\Desktop\\rufus-3.20p (1).exe,C:\\Windows\\svchost.exe,C:\\Windows\\SysWOW64\\mfc120deu.dll``` Answer: C:\\"}], "ideal": "Windows\\svchost.exe"}
{"input": [{"role": "system", "content": "You are acting as an expert cybersecurity researcher reviewing telemetry logs of filepaths in your organization. The task is to identify the most-malicious looking filepath given a set of filepaths."}, {"role": "user", "content": "Here are a bunch of filepaths in my organization. Please tell me which one looks the most malicious. ```C:\\Windows\\System32\\drivers\\iaStorAV.sys,C:\\Program Files (x86)\\YouKu\\YoukuClient\\plugins\\accs.dll,C:\\Program Files (x86)\\SolarWinds\\Agent\\SolarWinds.Agent.Service.exe,C:\\ProgramData\\muIWiyPVLEpuZPVB\\QVEVjLh.wsf,C:\\windows\\system32\\fsprocsvc.exe,C:\\LDPlayer\\LDPlayer9\\libssl-1_1.dll``` Answer: C:\\"}], "ideal": "ProgramData\\muIWiyPVLEpuZPVB\\QVEVjLh.wsf"}
{"input": [{"role": "system", "content": "You are acting as an expert cybersecurity researcher reviewing telemetry logs of filepaths in your organization. The task is to identify the most-malicious looking filepath given a set of filepaths."}, {"role": "user", "content": "Here are a bunch of filepaths in my organization. Please tell me which one looks the most malicious. ```C:\\Windows\\System32\\drivers\\iaStorAV.sys,C:\\ProgramData\\{2FA73671-7C6C-4bf8-9F0C-E1A75A3860ED}.tmp\\HardwareProtectEx_x64.sys,C:\\Program Files\\Geni\\Genian\\Patch\\08D5ACEBCC0FADDF17FEDCC87ED25A4CC845A707.exe,C:\\Program Files\\Sharp\\File-Copy\\File-Copy.exe,C:\\Users\\username\\AppData\\Local\\Temp\\Rar$DRa0.960\\1.5.2\\jPortable\\lib\\ext\\sunec.jar,C:\\Users\\username\\AppData\\Roaming\\Microsoft\\unityhub.exe``` Answer: C:\\"}], "ideal": "Users\\username\\AppData\\Roaming\\Microsoft\\unityhub.exe"}
{"input": [{"role": "system", "content": "You are acting as an expert cybersecurity researcher reviewing telemetry logs of filepaths in your organization. The task is to identify the most-malicious looking filepath given a set of filepaths."}, {"role": "user", "content": "Here are a bunch of filepaths in my organization. Please tell me which one looks the most malicious. ```C:\\Windows\\SysWOW64\\drivers\\lsass.exe,C:\\Users\\username\\Downloads\\Inventory Update Tool GDSM v5.docx,C:\\Users\\username\\Downloads\\NTW3-9.2-Campaigns.exe,C:\\Windows\\Redirected\\Sync\\CCC_Certificates.vbs,C:\\Program Files (x86)\\EaseUS\\Todo Backup\\bin\\Loader.exe,C:\\Users\\username\\AppData\\Local\\Temp\\Rar$DRa0.960\\1.5.2\\jPortable\\lib\\ext\\sunec.jar``` Answer: C:\\"}], "ideal": "Windows\\SysWOW64\\drivers\\lsass.exe"}
{"input": [{"role": "system", "content": "You are acting as an expert cybersecurity researcher reviewing telemetry logs of filepaths in your organization. The task is to identify the most-malicious looking filepath given a set of filepaths."}, {"role": "user", "content": "Here are a bunch of filepaths in my organization. Please tell me which one looks the most malicious. ```C:\\Program Files\\Sharp\\File-Copy\\File-Copy.exe,C:\\Windows\\Redirected\\Sync\\CCC_Certificates.vbs,C:\\Program Files (x86)\\VideoLAN\\VLC\\plugins\\libfilesystem_plugin.dll,C:\\Windows\\Installer\\a8a9a8f.msi,C:\\Windows\\Resources\\spoolsv.exe,C:\\Program Files (x86)\\Zscaler\\ZSATunnel\\ZSATunnel.exe``` Answer: C:\\"}], "ideal": "Windows\\Resources\\spoolsv.exe"}
{"input": [{"role": "system", "content": "You are acting as an expert cybersecurity researcher reviewing telemetry logs of filepaths in your organization. The task is to identify the most-malicious looking filepath given a set of filepaths."}, {"role": "user", "content": "Here are a bunch of filepaths in my organization. Please tell me which one looks the most malicious. ```C:\\Program Files (x86)\\SolarWinds\\Agent\\SolarWinds.Agent.Service.exe,C:\\Users\\username\\AppData\\Roaming\\imageclass\\Library.dll,C:\\lmc-1.2.35-win32\\mingwm10.dll,C:\\Program Files (x86)\\Steam\\steamapps\\common\\Grand Theft Auto V\\GTA5.exe,C:\\Program Files (x86)\\EaseUS\\Todo Backup\\bin\\Loader.exe,C:\\Windows\\system32\\drivers\\SkyRGDrv.sys``` Answer: C:\\"}], "ideal": "Users\\username\\AppData\\Roaming\\imageclass\\Library.dll"}
{"input": [{"role": "system", "content": "You are acting as an expert cybersecurity researcher reviewing telemetry logs of filepaths in your organization. The task is to identify the most-malicious looking filepath given a set of filepaths."}, {"role": "user", "content": "Here are a bunch of filepaths in my organization. Please tell me which one looks the most malicious. ```C:\\Windows\\system32\\drivers\\SkyRGDrv.sys,C:\\windows\\system32\\fsprocsvc.exe,C:\\Users\\username\\Downloads\\Inventory Update Tool GDSM v5.docx,C:\\Users\\username\\Downloads\\Order_Verication_363900421 (1).docm,C:\\Windows\\System32\\drivers\\iaStorAV.sys,C:\\Program Files (x86)\\Steam\\steamapps\\common\\Grand Theft Auto V\\GTA5.exe``` Answer: C:\\"}], "ideal": "Users\\username\\Downloads\\Order_Verication_363900421 (1).docm"}
{"input": [{"role": "system", "content": "You are acting as an expert cybersecurity researcher reviewing telemetry logs of filepaths in your organization. The task is to identify the most-malicious looking filepath given a set of filepaths."}, {"role": "user", "content": "Here are a bunch of filepaths in my organization. Please tell me which one looks the most malicious. ```C:\\Users\\username\\Downloads\\Invoice_1232.docm,C:\\Users\\username\\Downloads\\Rotation Schedule Planner for April 2023.doc,C:\\Windows\\System32\\svchost.exe,C:\\Windows\\System32\\SECOMN64.exe,C:\\Windows\\Redirected\\Sync\\CCC_Certificates.vbs,C:\\Users\\username\\Desktop\\0-848\\Shotcut\\lib\\mlt\\libmltplus.dll``` Answer: C:\\"}], "ideal": "Users\\username\\Downloads\\Invoice_1232.docm"}
{"input": [{"role": "system", "content": "You are acting as an expert cybersecurity researcher reviewing telemetry logs of filepaths in your organization. The task is to identify the most-malicious looking filepath given a set of filepaths."}, {"role": "user", "content": "Here are a bunch of filepaths in my organization. Please tell me which one looks the most malicious. ```C:\\Windows\\system32\\drivers\\SkyRGDrv.sys,C:\\Windows\\SysWOW64\\mfc120deu.dll,C:\\Users\\username\\Downloads\\validationDocument (1).docm,C:\\Users\\username\\AppData\\Local\\Temp\\nsm4108.tmp\\UAC.dll,C:\\ProgramData\\checkmk\\agent\\modules\\python-3\\.venv\\Scripts\\python.exe,C:\\Program Files\\Geni\\Genian\\Patch\\08D5ACEBCC0FADDF17FEDCC87ED25A4CC845A707.exe``` Answer: C:\\"}], "ideal": "Users\\username\\Downloads\\validationDocument (1).docm"}
{"input": [{"role": "system", "content": "You are acting as an expert cybersecurity researcher reviewing telemetry logs of filepaths in your organization. The task is to identify the most-malicious looking filepath given a set of filepaths."}, {"role": "user", "content": "Here are a bunch of filepaths in my organization. Please tell me which one looks the most malicious. ```C:\\lmc-1.2.35-win32\\mingwm10.dll,C:\\Users\\username\\Downloads\\Rotation Schedule Planner for April 2023.doc,C:\\windows\\system32\\fsprocsvc.exe,C:\\Users\\username\\Downloads\\PaymentReceipt.docm,C:\\Program Files\\Sharp\\File-Copy\\File-Copy.exe,C:\\Program Files (x86)\\SolarWinds\\Agent\\Plugins\\ADMProbe\\SolarWinds.ADM.AgentPlugin.exe``` Answer: C:\\"}], "ideal": "Users\\username\\Downloads\\PaymentReceipt.docm"}
{"input": [{"role": "system", "content": "You are acting as an expert cybersecurity researcher reviewing telemetry logs of filepaths in your organization. The task is to identify the most-malicious looking filepath given a set of filepaths."}, {"role": "user", "content": "Here are a bunch of filepaths in my organization. Please tell me which one looks the most malicious. ```C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\mscorlib\\b40ad7167488f81c80abc2de7e8c3b9c\\mscorlib.ni.dll,C:\\Program Files\\SoftEther VPN Client\\vpnsetup.exe,C:\\Users\\username\\Downloads\\scan.docm,C:\\Windows\\SysWOW64\\mfc120deu.dll,C:\\Users\\username\\AppData\\Local\\Temp\\nsm4108.tmp\\UAC.dll,C:\\Windows\\Installer\\a8a9a8f.msi``` Answer: C:\\"}], "ideal": "Users\\username\\Downloads\\scan.docm"}
{"input": [{"role": "system", "content": "You are acting as an expert cybersecurity researcher reviewing telemetry logs of filepaths in your organization. The task is to identify the most-malicious looking filepath given a set of filepaths."}, {"role": "user", "content": "Here are a bunch of filepaths in my organization. Please tell me which one looks the most malicious. ```C:\\Program Files\\SoftEther VPN Client\\vpnsetup.exe,C:\\Program Files\\qBittorrent\\qbittorrent.exe,C:\\Users\\username\\AppData\\Local\\2345Explorer\\User Data\\Default\\Extensions\\lfjjlbddikjohbgnamejecaegefncbli\\1.0_0\\static\\js\\bfb.js,C:\\Users\\username\\Downloads\\Receipt(7682).docm,C:\\Windows\\SysWOW64\\mfc120deu.dll,C:\\Windows\\system32\\drivers\\SkyRGDrv.sys``` Answer: C:\\"}], "ideal": "Users\\username\\Downloads\\Receipt(7682).docm"}
{"input": [{"role": "system", "content": "You are acting as an expert cybersecurity researcher reviewing telemetry logs of filepaths in your organization. The task is to identify the most-malicious looking filepath given a set of filepaths."}, {"role": "user", "content": "Here are a bunch of filepaths in my organization. Please tell me which one looks the most malicious. ```C:\\Program Files\\Geni\\Genian\\Patch\\08D5ACEBCC0FADDF17FEDCC87ED25A4CC845A707.exe,C:\\LDPlayer\\LDPlayer9\\libssl-1_1.dll,C:\\Program Files (x86)\\Zscaler\\ZSATunnel\\ZSATunnel.exe,C:\\Windows\\System32\\drivers\\iaStorAV.sys,C:\\Users\\username\\Downloads\\Advice_Paymet_IBGC825120123123254 Pdf.html,C:\\Windows\\System32\\cmd.exe``` Answer: C:\\"}], "ideal": "Users\\username\\Downloads\\Advice_Paymet_IBGC825120123123254 Pdf.html"}
{"input": [{"role": "system", "content": "You are acting as an expert cybersecurity researcher reviewing telemetry logs of filepaths in your organization. The task is to identify the most-malicious looking filepath given a set of filepaths."}, {"role": "user", "content": "Here are a bunch of filepaths in my organization. Please tell me which one looks the most malicious. ```C:\\Program Files (x86)\\SolarWinds\\Agent\\SolarWinds.Agent.Service.exe,C:\\Program Files (x86)\\SolarWinds\\Agent\\Plugins\\ADMProbe\\SolarWinds.ADM.AgentPlugin.exe,C:\\Windows\\System32\\cmd.exe,C:\\Program Files (x86)\\YouKu\\YoukuClient\\plugins\\accs.dll,C:\\Users\\username\\Downloads\\Complete_Setup_Use_2023_As_Passwrd.rar,C:\\Program Files\\OpeniT\\Core\\bin\\curl.exe``` Answer: C:\\"}], "ideal": "Users\\username\\Downloads\\Complete_Setup_Use_2023_As_Passwrd.rar"}
{"input": [{"role": "system", "content": "You are acting as an expert cybersecurity researcher reviewing telemetry logs of filepaths in your organization. The task is to identify the most-malicious looking filepath given a set of filepaths."}, {"role": "user", "content": "Here are a bunch of filepaths in my organization. Please tell me which one looks the most malicious. ```C:\\Windows\\System32\\drivers\\iaStorAV.sys,C:\\Users\\username\\AppData\\Roaming\\3545695800.exe,C:\\Users\\username\\Desktop\\rufus-3.20p (1).exe,C:\\Program Files\\OpeniT\\Core\\bin\\curl.exe,C:\\Users\\username\\Desktop\\0-848\\Shotcut\\lib\\mlt\\libmltplus.dll,C:\\Windows\\System32\\svchost.exe``` Answer: C:\\"}], "ideal": "Users\\username\\AppData\\Roaming\\3545695800.exe"}
{"input": [{"role": "system", "content": "You are acting as an expert cybersecurity researcher reviewing telemetry logs of filepaths in your organization. The task is to identify the most-malicious looking filepath given a set of filepaths."}, {"role": "user", "content": "Here are a bunch of filepaths in my organization. Please tell me which one looks the most malicious. ```C:\\PROGRA~1\\COMMON~1\\System\\symsrv.dll,C:\\Users\\username\\Downloads\\Inventory Update Tool GDSM v5.docx,C:\\Program Files (x86)\\YouKu\\YoukuClient\\plugins\\accs.dll,C:\\Program Files (x86)\\SolarWinds\\Agent\\SolarWinds.Agent.Service.exe,C:\\Program Files (x86)\\EaseUS\\Todo Backup\\bin\\Loader.exe,C:\\Windows\\System32\\cmd.exe``` Answer: C:\\"}], "ideal": "PROGRA~1\\COMMON~1\\System\\symsrv.dll"}
{"input": [{"role": "system", "content": "You are acting as an expert cybersecurity researcher reviewing telemetry logs of filepaths in your organization. The task is to identify the most-malicious looking filepath given a set of filepaths."}, {"role": "user", "content": "Here are a bunch of filepaths in my organization. Please tell me which one looks the most malicious. ```C:\\Program Files\\qBittorrent\\qbittorrent.exe,C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\mscorlib\\b40ad7167488f81c80abc2de7e8c3b9c\\mscorlib.ni.dll,C:\\Users\\username\\Desktop\\0-848\\Shotcut\\lib\\mlt\\libmltplus.dll,C:\\Program Files (x86)\\SolarWinds\\Agent\\Plugins\\ADMProbe\\SolarWinds.ADM.AgentPlugin.exe,C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe,C:\\Windows\\SysWOW64\\WMIScriptingAPI\\nssy.exe``` Answer: C:\\"}], "ideal": "Windows\\SysWOW64\\WMIScriptingAPI\\nssy.exe"}
{"input": [{"role": "system", "content": "You are acting as an expert cybersecurity researcher reviewing telemetry logs of filepaths in your organization. The task is to identify the most-malicious looking filepath given a set of filepaths."}, {"role": "user", "content": "Here are a bunch of filepaths in my organization. Please tell me which one looks the most malicious. ```C:\\Windows\\System32\\cmd.exe,C:\\lmc-1.2.35-win32\\mingwm10.dll,C:\\Windows\\Temp\\analyse.exe,C:\\windows\\system32\\fsprocsvc.exe,C:\\ProgramData\\checkmk\\agent\\modules\\python-3\\.venv\\Scripts\\python.exe,C:\\Users\\username\\AppData\\Local\\Temp\\Rar$DRa0.960\\1.5.2\\jPortable\\lib\\ext\\sunec.jar``` Answer: C:\\"}], "ideal": "Windows\\Temp\\analyse.exe"}
{"input": [{"role": "system", "content": "You are acting as an expert cybersecurity researcher reviewing telemetry logs of filepaths in your organization. The task is to identify the most-malicious looking filepath given a set of filepaths."}, {"role": "user", "content": "Here are a bunch of filepaths in my organization. Please tell me which one looks the most malicious. ```D:\\RECYCLER.BIN\\hex.dll,C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.64\\Installer\\chrome.7z,C:\\ProgramData\\Overwolf\\Setup\\0.221.109.14\\OverwolfSetup.exe,C:\\Program Files (x86)\\VideoLAN\\VLC\\plugins\\libfilesystem_plugin.dll,C:\\Windows\\System32\\cmd.exe,C:\\Windows\\SysWOW64\\mfc120deu.dll``` Answer: C:\\"}], "ideal": "RECYCLER.BIN\\hex.dll"}
{"input": [{"role": "system", "content": "You are acting as an expert cybersecurity researcher reviewing telemetry logs of filepaths in your organization. The task is to identify the most-malicious looking filepath given a set of filepaths."}, {"role": "user", "content": "Here are a bunch of filepaths in my organization. Please tell me which one looks the most malicious. ```C:\\lmc-1.2.35-win32\\mingwm10.dll,C:\\Program Files (x86)\\EaseUS\\Todo Backup\\bin\\Loader.exe,C:\\Program Files (x86)\\SolarWinds\\Agent\\SolarWinds.Agent.Service.exe,C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe,C:\\Users\\username\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\ui.exe,C:\\Windows\\System32\\svchost.exe``` Answer: C:\\"}], "ideal": "Users\\username\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\ui.exe"}
{"input": [{"role": "system", "content": "You are acting as an expert cybersecurity researcher reviewing telemetry logs of filepaths in your organization. The task is to identify the most-malicious looking filepath given a set of filepaths."}, {"role": "user", "content": "Here are a bunch of filepaths in my organization. Please tell me which one looks the most malicious. ```C:\\Windows\\System32\\SECOMN64.exe,C:\\Program Files (x86)\\SolarWinds\\Agent\\SolarWinds.Agent.Service.exe,C:\\Users\\username\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\drive.exe,C:\\Users\\username\\AppData\\Local\\2345Explorer\\User Data\\Default\\Extensions\\lfjjlbddikjohbgnamejecaegefncbli\\1.0_0\\static\\js\\bfb.js,C:\\Users\\username\\Desktop\\0-848\\Shotcut\\lib\\mlt\\libmltplus.dll,C:\\Program Files (x86)\\VideoLAN\\VLC\\plugins\\libfilesystem_plugin.dll``` Answer: C:\\"}], "ideal": "Users\\username\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\drive.exe"}
{"input": [{"role": "system", "content": "You are acting as an expert cybersecurity researcher reviewing telemetry logs of filepaths in your organization. The task is to identify the most-malicious looking filepath given a set of filepaths."}, {"role": "user", "content": "Here are a bunch of filepaths in my organization. Please tell me which one looks the most malicious. ```C:\\ProgramData\\MslBooster\\WindowsPaint-Ver3.8.8.3.exe,C:\\Users\\username\\Desktop\\0-848\\Shotcut\\lib\\mlt\\libmltplus.dll,C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe,C:\\Windows\\Installer\\a8a9a8f.msi,C:\\Windows\\system32\\drivers\\SkyRGDrv.sys,C:\\ProgramData\\Overwolf\\Setup\\0.221.109.14\\OverwolfSetup.exe``` Answer: C:\\"}], "ideal": "ProgramData\\MslBooster\\WindowsPaint-Ver3.8.8.3.exe"}
{"input": [{"role": "system", "content": "You are acting as an expert cybersecurity researcher reviewing telemetry logs of filepaths in your organization. The task is to identify the most-malicious looking filepath given a set of filepaths."}, {"role": "user", "content": "Here are a bunch of filepaths in my organization. Please tell me which one looks the most malicious. ```C:\\Program Files (x86)\\Steam\\steamapps\\common\\Grand Theft Auto V\\GTA5.exe,C:\\Program Files\\Sharp\\File-Copy\\File-Copy.exe,C:\\Users\\username\\Downloads\\Inventory Update Tool GDSM v5.docx,C:\\Windows\\System32\\drivers\\iaStorAV.sys,C:\\Users\\username\\AppData\\Roaming\\1z6E2nwrGf05i3P\\jChGsIxjHw.exe,C:\\Windows\\System32\\cmd.exe``` Answer: C:\\"}], "ideal": "Users\\username\\AppData\\Roaming\\1z6E2nwrGf05i3P\\jChGsIxjHw.exe"}
{"input": [{"role": "system", "content": "You are acting as an expert cybersecurity researcher reviewing telemetry logs of filepaths in your organization. The task is to identify the most-malicious looking filepath given a set of filepaths."}, {"role": "user", "content": "Here are a bunch of filepaths in my organization. Please tell me which one looks the most malicious. ```C:\\Program Files (x86)\\Steam\\steamapps\\common\\Grand Theft Auto V\\GTA5.exe,C:\\Windows\\Temp\\wk_4996_28103\\wk.dll,C:\\Program Files (x86)\\Zscaler\\ZSATunnel\\ZSATunnel.exe,C:\\ProgramData\\modPackages\\mod\\AgentFix Client\\1.0\\Source\\Setup.exe,C:\\Users\\username\\Desktop\\rufus-3.20p (1).exe,C:\\Program Files\\qBittorrent\\qbittorrent.exe``` Answer: C:\\"}], "ideal": "Windows\\Temp\\wk_4996_28103\\wk.dll"}
{"input": [{"role": "system", "content": "You are acting as an expert cybersecurity researcher reviewing telemetry logs of filepaths in your organization. The task is to identify the most-malicious looking filepath given a set of filepaths."}, {"role": "user", "content": "Here are a bunch of filepaths in my organization. Please tell me which one looks the most malicious. ```C:\\Windows\\SysWOW64\\mfc120deu.dll,C:\\Users\\username\\AppData\\Local\\Temp\\nsm4108.tmp\\UAC.dll,C:\\Program Files (x86)\\Prococious Technology Inc\\ClearDent\\txtools.dll,C:\\Program Files\\Geni\\Genian\\Patch\\08D5ACEBCC0FADDF17FEDCC87ED25A4CC845A707.exe,C:\\WINDOWS\\system32\\drivers\\v7JViu6IUh.sys,C:\\Program Files (x86)\\VideoLAN\\VLC\\plugins\\libfilesystem_plugin.dll``` Answer: C:\\"}], "ideal": "WINDOWS\\system32\\drivers\\v7JViu6IUh.sys"}
{"input": [{"role": "system", "content": "You are acting as an expert cybersecurity researcher reviewing telemetry logs of filepaths in your organization. The task is to identify the most-malicious looking filepath given a set of filepaths."}, {"role": "user", "content": "Here are a bunch of filepaths in my organization. Please tell me which one looks the most malicious. ```C:\\Users\\username\\AppData\\Local\\Microsoft\\OneDrive\\Secur32.dll,C:\\Users\\username\\Desktop\\Pinball-Arcade.rar,C:\\ProgramData\\{2FA73671-7C6C-4bf8-9F0C-E1A75A3860ED}.tmp\\HardwareProtectEx_x64.sys,C:\\Users\\username\\AppData\\Local\\Temp\\Rar$DRa0.960\\1.5.2\\jPortable\\lib\\ext\\sunec.jar,C:\\Windows\\system32\\drivers\\SkyRGDrv.sys,C:\\Program Files (x86)\\YouKu\\YoukuClient\\plugins\\accs.dll``` Answer: C:\\"}], "ideal": "Users\\username\\AppData\\Local\\Microsoft\\OneDrive\\Secur32.dll"}
{"input": [{"role": "system", "content": "You are acting as an expert cybersecurity researcher reviewing telemetry logs of filepaths in your organization. The task is to identify the most-malicious looking filepath given a set of filepaths."}, {"role": "user", "content": "Here are a bunch of filepaths in my organization. Please tell me which one looks the most malicious. ```C:\\Users\\username\\Downloads\\NTW3-9.2-Campaigns.exe,C:\\Users\\username\\Downloads\\Set-up.exe,C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.64\\Installer\\chrome.7z,C:\\Users\\username\\Desktop\\rufus-3.20p (1).exe,C:\\Users\\username\\AppData\\Local\\Temp\\nsm4108.tmp\\UAC.dll,C:\\Windows\\System32\\cmd.exe``` Answer: C:\\"}], "ideal": "Users\\username\\Downloads\\Set-up.exe"}

[usama-openai]

Thanks for the contribution. I would like to request a change.

The naming convention for evals is in the form <eval_name>.<split>.<version>.

• <eval_name> is the eval name, used to group evals whose scores are comparable.
• <split> is the data split, used to further group evals that are under the same <base_eval>. E.g., val, test, or dev for testing.
• <version> is the version of the eval, which can be any descriptive text you'd like to use (though it's best if it does not contain.).

You can rename the eval id cybersecurity-filepaths.v0 to cybersecurity-filepaths.dev.v0.

We would love to review the PR again after the suggested changes.

[glmcdona]

Thanks @usama-openai, I made the proposed changes and tested it afterwards. Would appreciate if you had time to have another look!

[usama-openai]

This PR looks in good shape now. I'm approving this PR.

[usama-openai]

You should see GPT-4 API access enabled in your account in the next few days.

[glmcdona]

Result note:

• chatgpt-3.5-turbo: 18% accuracy
• chatgpt4: 52% accuracy