Cyber Knowledge Completion Using Large Language Models

• URL: http://arxiv.org/abs/2409.16176v1
• Date: Tue, 24 Sep 2024 15:20:39 GMT
• Title: Cyber Knowledge Completion Using Large Language Models
• Authors: Braden K Webb, Sumit Purohit, Rounak Meyur,
• Abstract summary: Integrating the Internet of Things (IoT) into Cyber-Physical Systems (CPSs) has expanded their cyber-attack surface. Assessing the risks of CPSs is increasingly difficult due to incomplete and outdated cybersecurity knowledge. Recent advancements in Large Language Models (LLMs) present a unique opportunity to enhance cyber-attack knowledge completion.
• Score: 1.4883782513177093
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: The integration of the Internet of Things (IoT) into Cyber-Physical Systems (CPSs) has expanded their cyber-attack surface, introducing new and sophisticated threats with potential to exploit emerging vulnerabilities. Assessing the risks of CPSs is increasingly difficult due to incomplete and outdated cybersecurity knowledge. This highlights the urgent need for better-informed risk assessments and mitigation strategies. While previous efforts have relied on rule-based natural language processing (NLP) tools to map vulnerabilities, weaknesses, and attack patterns, recent advancements in Large Language Models (LLMs) present a unique opportunity to enhance cyber-attack knowledge completion through improved reasoning, inference, and summarization capabilities. We apply embedding models to encapsulate information on attack patterns and adversarial techniques, generating mappings between them using vector embeddings. Additionally, we propose a Retrieval-Augmented Generation (RAG)-based approach that leverages pre-trained models to create structured mappings between different taxonomies of threat patterns. Further, we use a small hand-labeled dataset to compare the proposed RAG-based approach to a baseline standard binary classification model. Thus, the proposed approach provides a comprehensive framework to address the challenge of cyber-attack knowledge graph completion.

Related papers

• Technique Inference Engine: A Recommender Model to Support Cyber Threat Hunting [0.6990493129893112]
  Cyber threat hunting is the practice of proactively searching for latent threats in a network. To aid analysts in identifying techniques which may be co-occurring as part of a campaign, we present the Technique Inference Engine.
  arXiv  Detail & Related papers  (2025-03-04T22:31:43Z)
• CTINEXUS: Leveraging Optimized LLM In-Context Learning for Constructing Cybersecurity Knowledge Graphs Under Data Scarcity [49.657358248788945]
  Textual descriptions in cyber threat intelligence (CTI) reports are rich sources of knowledge about cyber threats. Current CTI extraction methods lack flexibility and generalizability, often resulting in inaccurate and incomplete knowledge extraction. We propose CTINexus, a novel framework leveraging optimized in-context learning (ICL) of large language models.
  arXiv  Detail & Related papers  (2024-10-28T14:18:32Z)
• Transferable Adversarial Attacks on SAM and Its Downstream Models [87.23908485521439]
  This paper explores the feasibility of adversarial attacking various downstream models fine-tuned from the segment anything model (SAM) To enhance the effectiveness of the adversarial attack towards models fine-tuned on unknown datasets, we propose a universal meta-initialization (UMI) algorithm.
  arXiv  Detail & Related papers  (2024-10-26T15:04:04Z)
• Towards the generation of hierarchical attack models from cybersecurity vulnerabilities using language models [3.7548609506798494]
  This paper investigates the use of a pre-trained language model and siamese network to discern sibling relationships between text-based cybersecurity vulnerability data.
  arXiv  Detail & Related papers  (2024-10-07T13:05:33Z)
• KGV: Integrating Large Language Models with Knowledge Graphs for Cyber Threat Intelligence Credibility Assessment [38.312774244521]
  We propose a knowledge graph-based verifier for Cyber Threat Intelligence (CTI) quality assessment framework. Our approach introduces Large Language Models (LLMs) to automatically extract OSCTI key claims to be verified. To fill the gap in the research field, we created and made public the first dataset for threat intelligence assessment from heterogeneous sources.
  arXiv  Detail & Related papers  (2024-08-15T11:32:46Z)
• Using Retriever Augmented Large Language Models for Attack Graph Generation [0.7619404259039284]
  This paper explores the approach of leveraging large language models (LLMs) to automate the generation of attack graphs. It shows how to utilize Common Vulnerabilities and Exposures (CommonLLMs) to create attack graphs from threat reports.
  arXiv  Detail & Related papers  (2024-08-11T19:59:08Z)
• "Glue pizza and eat rocks" -- Exploiting Vulnerabilities in Retrieval-Augmented Generative Models [74.05368440735468]
  Retrieval-Augmented Generative (RAG) models enhance Large Language Models (LLMs) In this paper, we demonstrate a security threat where adversaries can exploit the openness of these knowledge bases.
  arXiv  Detail & Related papers  (2024-06-26T05:36:23Z)
• Mutual-modality Adversarial Attack with Semantic Perturbation [81.66172089175346]
  We propose a novel approach that generates adversarial attacks in a mutual-modality optimization scheme. Our approach outperforms state-of-the-art attack methods and can be readily deployed as a plug-and-play solution.
  arXiv  Detail & Related papers  (2023-12-20T05:06:01Z)
• Adversarial Attacks and Defenses in Machine Learning-Powered Networks: A Contemporary Survey [114.17568992164303]
  Adrial attacks and defenses in machine learning and deep neural network have been gaining significant attention. This survey provides a comprehensive overview of the recent advancements in the field of adversarial attack and defense techniques. New avenues of attack are also explored, including search-based, decision-based, drop-based, and physical-world attacks.
  arXiv  Detail & Related papers  (2023-03-11T04:19:31Z)
• Looking Beyond IoCs: Automatically Extracting Attack Patterns from External CTI [3.871148938060281]
  LADDER is a framework that can extract text-based attack patterns from cyberthreat intelligence reports at scale. We present several use cases to demonstrate the application of LADDER in real-world scenarios.
  arXiv  Detail & Related papers  (2022-11-01T12:16:30Z)
• An Automated, End-to-End Framework for Modeling Attacks From Vulnerability Descriptions [46.40410084504383]
  In order to derive a relevant attack graph, up-to-date information on known attack techniques should be represented as interaction rules. We present a novel, end-to-end, automated framework for modeling new attack techniques from textual description of a security vulnerability.
  arXiv  Detail & Related papers  (2020-08-10T19:27:34Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.