Using Retriever Augmented Large Language Models for Attack Graph Generation
This work addresses the need for more efficient and comprehensive vulnerability management for cybersecurity professionals, though it appears incremental as it applies existing LLMs to a specific domain task.
The paper tackles the problem of automating attack graph generation for cybersecurity by using large language models to chain vulnerabilities and create graphs from threat reports, resulting in a method that reduces manual effort and adapts to evolving threats.
As the complexity of modern systems increases, so does the importance of assessing their security posture through effective vulnerability management and threat modeling techniques. One powerful tool in the arsenal of cybersecurity professionals is the attack graph, a representation of all potential attack paths within a system that an adversary might exploit to achieve a certain objective. Traditional methods of generating attack graphs involve expert knowledge, manual curation, and computational algorithms that might not cover the entire threat landscape due to the ever-evolving nature of vulnerabilities and exploits. This paper explores the approach of leveraging large language models (LLMs), such as ChatGPT, to automate the generation of attack graphs by intelligently chaining Common Vulnerabilities and Exposures (CVEs) based on their preconditions and effects. It also shows how to utilize LLMs to create attack graphs from threat reports.
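The precondition/effect chaining described in the abstract, as an added example that is not code from the paper: vulnerabilities are linked when one's effects satisfy another's preconditions, and exploit sequences that reach a goal are enumerated. The IDs are placeholders and the capability labels are constructed by hand for illustration; the paper uses LLMs to perform this chaining.

```python
from collections import deque

# Constructed sample records: placeholder IDs, not real CVEs.
# "pre" = capabilities the attacker must hold, "post" = capabilities gained.
VULNS = {
    "VULN-A": {"pre": {"network_access"}, "post": {"user_shell@web"}},
    "VULN-B": {"pre": {"user_shell@web"}, "post": {"root@web"}},
    "VULN-C": {"pre": {"root@web"}, "post": {"db_credentials"}},
    "VULN-D": {"pre": {"db_credentials", "network_access"},
               "post": {"db_admin"}},
    "VULN-E": {"pre": {"physical_access"}, "post": {"root@web"}},
}

def build_edges(vulns):
    """Candidate edge u -> v when an effect of u meets a precondition of v."""
    return {
        u: sorted(v for v, b in vulns.items()
                  if v != u and a["post"] & b["pre"])
        for u, a in vulns.items()
    }

def attack_paths(vulns, initial, goal):
    """Enumerate exploit sequences that reach `goal` from `initial`.

    A vulnerability is usable only when ALL of its preconditions are held,
    so a candidate edge alone does not guarantee a feasible path.
    Breadth-first search returns shorter paths first.
    """
    paths = []
    queue = deque([(frozenset(initial), ())])
    while queue:
        caps, path = queue.popleft()
        if goal in caps:
            paths.append(list(path))
            continue
        for vid, v in sorted(vulns.items()):
            # Skip reused, not-yet-enabled, or no-gain steps.
            if vid in path or not v["pre"] <= caps or v["post"] <= caps:
                continue
            queue.append((caps | v["post"], path + (vid,)))
    return paths

if __name__ == "__main__":
    print(build_edges(VULNS))
    print(attack_paths(VULNS, {"network_access"}, "db_admin"))
    print(attack_paths(VULNS, {"physical_access"}, "db_admin"))
```

The second search returns no path even though candidate edges lead from VULN-E to VULN-D, because VULN-D also requires `network_access`; that gap between pairwise links and feasible chains is what a defender should check when reviewing generated graphs.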