Deciphering Complex Data Structures with LLMs

Article by Forta Network Mar. 21, 2024

Forta is the largest network of security intel in Web3. The decentralized Forta Network leverages machine learning and a community of security researchers to detect exploits, scams and other threats.       

The Forta Network pioneered the use of AI and ML to secure the web3 ecosystem, deploying cutting-edge models on the decentralized protocol that can detect and predict incoming attacks, exploits and scams. In this blog we will explore the Forta community’s innovative use of Large Language Models (LLMs) like ChatGPT to decipher and explain security alerts in human-readable formats. In conversations about smart contract exploit prevention and early detection, one topic that is often forgotten is how to improve the user experience (UX) when a threat alert arrives. These AI-driven models can easily understand and process complex technical data, translating it into a simple, easy-to-understand format. This functionality is invaluable when every second counts.

The Forta Network aims to provide an early warning system for projects and protocols, helping them to preemptively address vulnerabilities and prevent exploits. Threat intel data from threat feeds deployed on the protocol can be consumed through a pull method, by querying the API, or through a push method, via smart contract management platforms like OpenZeppelin Defender or Hacken Extractor. A feature currently being explored in the Forta ecosystem is the integration of LLMs to interpret and explain security alerts. Traditionally, security alerts can be complex and difficult to understand: deciphering them, and making sure the right response is taken to prevent an exploit or quickly stop the bleeding, requires a high level of technical expertise. This complexity may lead to delays in response times, increasing the risk of damage from exploits. Additionally, the often very complex nature of a scam transaction makes it hard to understand, which can be detrimental to protecting end users.

Integrating LLMs into the Forta dApp, or potentially into smart contract management platforms like Defender or Extractor, changes the game by translating these technical alerts into simple, human-readable formats. Once a potential threat is detected, the model describes the nature of the threat, its potential impact, and suggested actions for mitigation. Users can quickly grasp the nature and severity of potential threats without trudging through technical jargon. This accessibility not only empowers project owners and developers but also enhances community engagement with security practices and alerts.

Early detection is critical in the web3 space, where exploits can lead to substantial financial losses in a matter of minutes. The Forta Network’s decentralized approach therefore plays a crucial role in enhancing the overall resilience of the web3 ecosystem. A community-first approach to threat detection research and development, combined with the use of machine learning models, ensures that solutions built on Forta are on the cusp of threat detection. By making security information more accessible, the Forta Network fosters a culture of collective vigilance. Community members can contribute to security monitoring and threat detection, creating a decentralized and robust defense mechanism against malicious actors.

This approach not only enhances the usability of security systems but also strengthens early detection and prevention mechanisms. As the web3 landscape continues to grow and evolve, the role of open platforms like the Forta Network in ensuring the security and integrity of decentralized networks will become increasingly critical. In conclusion, LLMs are enhancing web3 security by making real-time threat monitoring more user-friendly, opening up on-chain research to an even larger audience. By providing simple, human-readable alerts for incoming threats, smart contract exploits, and ongoing scams, these models are contributing to a safer web3 ecosystem and enhancing the overall user experience.

Forta Alert Demystifying Agent

To fully understand how helpful the deciphering of complex data can be in the context of security, here is an example of how Forta’s “Alert Demystifying Agent” (coming soon) handled real Forta data.

{
  "anomalyScore": "0.0006006149532412497",
  "asset": "native",
  "blockNumber": "18928527",
  "contract": "0x01d1f55d94a53a9517c07f793f35320faa0d2dcf",
  "initiators": "0xf78e050479e3d59e4c67722b6f5a5349a55c293c",
  "postDrainBalance": "0",
  "preDrainBalance": "13364536702022070041",
  "txHashes": "0xdfac9f8df45cd1bf909995cd20cf8cad17f47abdfed0556717e5756bb459ab4b"
}
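
The following Python example is added here and is not Forta's code or part of the original article: it validates the alert fields shown above and derives exact figures in code, so that any explanation, LLM-generated or not, is built from checked facts instead of raw strings. The 18-decimal native asset, the comma-separated handling of the plural fields, and all function names are assumptions.

```python
import json
import re

# Alert metadata as shown on the page, wrapped in braces to form valid JSON.
SAMPLE = """{
  "anomalyScore": "0.0006006149532412497",
  "asset": "native",
  "blockNumber": "18928527",
  "contract": "0x01d1f55d94a53a9517c07f793f35320faa0d2dcf",
  "initiators": "0xf78e050479e3d59e4c67722b6f5a5349a55c293c",
  "postDrainBalance": "0",
  "preDrainBalance": "13364536702022070041",
  "txHashes": "0xdfac9f8df45cd1bf909995cd20cf8cad17f47abdfed0556717e5756bb459ab4b"
}"""

HEX_DIGITS = {"contract": 40, "initiators": 40, "txHashes": 64}
DECIMALS = 18  # assumption: the native asset uses 18 decimal places


def to_units(base_units: int) -> str:
    """Exact base-unit to whole-unit conversion using integers only."""
    whole, frac = divmod(base_units, 10 ** DECIMALS)
    return f"{whole}.{frac:0{DECIMALS}d}"


def extract_facts(meta: dict) -> dict:
    """Validate every field, then derive the figures a reader needs."""
    for field, digits in HEX_DIGITS.items():
        # Assumption: plural fields may carry several comma-separated values.
        for value in meta[field].split(","):
            if not re.fullmatch(rf"0x[0-9a-fA-F]{{{digits}}}", value.strip()):
                raise ValueError(f"malformed {field}: {value!r}")
    pre, post = int(meta["preDrainBalance"]), int(meta["postDrainBalance"])
    if pre <= 0 or not 0 <= post <= pre:
        raise ValueError("balances are inconsistent with a drain")
    return {
        "contract": meta["contract"],
        "block": int(meta["blockNumber"]),
        "drained": to_units(pre - post),
        "remaining": to_units(post),
        "percent": round(100 * (pre - post) / pre, 2),
    }


def summarize(meta: dict) -> str:
    """Render the checked facts as one plain-language sentence."""
    f = extract_facts(meta)
    return (f"Contract {f['contract']} lost {f['drained']} of its {meta['asset']} "
            f"asset ({f['percent']}% of its balance) in block {f['block']}; "
            f"{f['remaining']} remains.")
```

Calling `summarize(json.loads(SAMPLE))` returns the sentence for the alert above; a malformed address or an impossible balance pair raises `ValueError` before any text is produced.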