HW-V2W-Map: Hardware Vulnerability to Weakness Mapping Framework for
Root Cause Analysis with GPT-assisted Mitigation Suggestion
- URL: http://arxiv.org/abs/2312.13530v1
- Date: Thu, 21 Dec 2023 02:14:41 GMT
- Title: HW-V2W-Map: Hardware Vulnerability to Weakness Mapping Framework for
Root Cause Analysis with GPT-assisted Mitigation Suggestion
- Authors: Yu-Zheng Lin, Muntasir Mamun, Muhtasim Alam Chowdhury, Shuyu Cai,
Mingyu Zhu, Banafsheh Saber Latibari, Kevin Immanuel Gubbi, Najmeh Nazari
Bavarsad, Arjun Caputo, Avesta Sasan, Houman Homayoun, Setareh Rafatirad,
Pratik Satam, Soheil Salehi
- Abstract summary: We presentHW-V2W-Map Framework, which is a Machine Learning (ML) framework focusing on hardware vulnerabilities and Internet of Things (IoT) security.
The architecture that we have proposed incorporates an Ontology-driven Storytelling framework, which automates the process of updating the Ontology.
Our proposed framework utilized Generative Pre-trained Transformer (GPT) Large Language Models (LLMs) to provide mitigation suggestions.
- Score: 3.847218857469107
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: The escalating complexity of modern computing frameworks has resulted in a
surge in the cybersecurity vulnerabilities reported to the National
Vulnerability Database (NVD) by practitioners. Despite the fact that the
stature of NVD is one of the most significant databases for the latest insights
into vulnerabilities, extracting meaningful trends from such a large amount of
unstructured data is still challenging without the application of suitable
technological methodologies. Previous efforts have mostly concentrated on
software vulnerabilities; however, a holistic strategy incorporates approaches
for mitigating vulnerabilities, score prediction, and a knowledge-generating
system that may extract relevant insights from the Common Weakness Enumeration
(CWE) and Common Vulnerability Exchange (CVE) databases is notably absent. As
the number of hardware attacks on Internet of Things (IoT) devices continues to
rapidly increase, we present the Hardware Vulnerability to Weakness Mapping
(HW-V2W-Map) Framework, which is a Machine Learning (ML) framework focusing on
hardware vulnerabilities and IoT security. The architecture that we have
proposed incorporates an Ontology-driven Storytelling framework, which
automates the process of updating the ontology in order to recognize patterns
and evolution of vulnerabilities over time and provides approaches for
mitigating the vulnerabilities. The repercussions of vulnerabilities can be
mitigated as a result of this, and conversely, future exposures can be
predicted and prevented. Furthermore, our proposed framework utilized
Generative Pre-trained Transformer (GPT) Large Language Models (LLMs) to
provide mitigation suggestions.
Related papers
- Provable Robustness of (Graph) Neural Networks Against Data Poisoning and Backdoor Attacks [50.87615167799367]
We certify Graph Neural Networks (GNNs) against poisoning and backdoor attacks targeting the node features of a given graph.
Our framework provides fundamental insights into the role of graph structure and its connectivity on the worst-case behavior of convolution-based and PageRank-based GNNs.
arXiv Detail & Related papers (2024-07-15T16:12:51Z) - "Glue pizza and eat rocks" -- Exploiting Vulnerabilities in Retrieval-Augmented Generative Models [74.05368440735468]
Retrieval-Augmented Generative (RAG) models enhance Large Language Models (LLMs)
In this paper, we demonstrate a security threat where adversaries can exploit the openness of these knowledge bases.
arXiv Detail & Related papers (2024-06-26T05:36:23Z) - On Security Weaknesses and Vulnerabilities in Deep Learning Systems [32.14068820256729]
We specifically look into deep learning (DL) framework and perform the first systematic study of vulnerabilities in DL systems.
We propose a two-stream data analysis framework to explore vulnerability patterns from various databases.
We conducted a large-scale empirical study of 3,049 DL vulnerabilities to better understand the patterns of vulnerability and the challenges in fixing them.
arXiv Detail & Related papers (2024-06-12T23:04:13Z) - FaultGuard: A Generative Approach to Resilient Fault Prediction in Smart Electrical Grids [53.2306792009435]
FaultGuard is the first framework for fault type and zone classification resilient to adversarial attacks.
We propose a low-complexity fault prediction model and an online adversarial training technique to enhance robustness.
Our model outclasses the state-of-the-art for resilient fault prediction benchmarking, with an accuracy of up to 0.958.
arXiv Detail & Related papers (2024-03-26T08:51:23Z) - Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS)
FLEKD enables a more flexible aggregation method than conventional model fusion techniques.
Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
arXiv Detail & Related papers (2024-01-22T14:16:37Z) - Software Repositories and Machine Learning Research in Cyber Security [0.0]
The integration of robust cyber security defenses has become essential across all phases of software development.
Attempts have been made to leverage topic modeling and machine learning for the detection of these early-stage vulnerabilities in the software requirements process.
arXiv Detail & Related papers (2023-11-01T17:46:07Z) - Few-shot Weakly-supervised Cybersecurity Anomaly Detection [1.179179628317559]
We propose an enhancement to an existing few-shot weakly-supervised deep learning anomaly detection framework.
This framework incorporates data augmentation, representation learning and ordinal regression.
We then evaluated and showed the performance of our implemented framework on three benchmark datasets.
arXiv Detail & Related papers (2023-04-15T04:37:54Z) - Automated Security Assessment for the Internet of Things [6.690766107366799]
We propose an automated security assessment framework for IoT networks.
Our framework first leverages machine learning and natural language processing to analyze vulnerability descriptions.
This security model automatically assesses the security of the IoT network by capturing potential attack paths.
arXiv Detail & Related papers (2021-09-09T04:42:24Z) - V2W-BERT: A Framework for Effective Hierarchical Multiclass
Classification of Software Vulnerabilities [7.906207218788341]
We present a novel Transformer-based learning framework (V2W-BERT) in this paper.
By using ideas from natural language processing, link prediction and transfer learning, our method outperforms previous approaches.
We achieve up to 97% prediction accuracy for randomly partitioned data and up to 94% prediction accuracy in temporally partitioned data.
arXiv Detail & Related papers (2021-02-23T05:16:57Z) - Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance.
We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems.
We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
arXiv Detail & Related papers (2020-10-19T13:09:31Z) - Information Obfuscation of Graph Neural Networks [96.8421624921384]
We study the problem of protecting sensitive attributes by information obfuscation when learning with graph structured data.
We propose a framework to locally filter out pre-determined sensitive attributes via adversarial training with the total variation and the Wasserstein distance.
arXiv Detail & Related papers (2020-09-28T17:55:04Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.