Automatic Simplification of Common Vulnerabilities and Exposures Descriptions
This addresses the challenge of making cyber security information accessible to non-experts, though it is incremental as it applies existing ATS methods to a new domain.
The study tackled the problem of simplifying cyber security vulnerability descriptions for non-experts using large language models, finding that while models can make text appear simpler, they struggle with preserving meaning, as evaluated by experts on a dataset of 40 CVE descriptions.
Understanding cyber security is increasingly important for individuals and organizations. However, a lot of information related to cyber security can be difficult to understand to those not familiar with the topic. In this study, we focus on investigating how large language models (LLMs) could be utilized in automatic text simplification (ATS) of Common Vulnerability and Exposure (CVE) descriptions. Automatic text simplification has been studied in several contexts, such as medical, scientific, and news texts, but it has not yet been studied to simplify texts in the rapidly changing and complex domain of cyber security. We created a baseline for cyber security ATS and a test dataset of 40 CVE descriptions, evaluated by two groups of cyber security experts in two survey rounds. We have found that while out-of-the box LLMs can make the text appear simpler, they struggle with meaning preservation. Code and data are available at https://version.aalto.fi/gitlab/vehomav1/simplification\_nmi.