AI | CL | CR | Mar 4

From Threat Intelligence to Firewall Rules: Semantic Relations in Hybrid AI Agent and Expert System Architectures

arXiv:2603.03911v1 | 1 citations | h-index: 5
Originality: Highly original
AI Analysis

This work addresses the need for trustworthy security responses in web security, which is crucial for organizations and individuals relying on online services.

This work tackles the problem of responding rapidly to evolving cyber threats by using semantic relations to extract information from Cyber Threat Intelligence (CTI) reports. The proposed approach automatically generates firewall rules to block malicious network traffic, and the reported results show superior retrieval performance compared to the baselines and higher effectiveness in mitigating threats.

Web security demands rapid response capabilities to evolving cyber threats. Agentic Artificial Intelligence (AI) promises automation, but the need for trustworthy security responses is of the utmost importance. This work investigates the role of semantic relations in extracting information for sensitive operational tasks, such as configuring security controls for mitigating threats. To this end, it proposes to leverage hypernym-hyponym textual relations to extract relevant information from Cyber Threat Intelligence (CTI) reports. By leveraging a neuro-symbolic approach, the multi-agent system automatically generates CLIPS code for an expert system creating firewall rules to block malicious network traffic. Experimental results show the superior performance of the hypernym-hyponym retrieval strategy compared to various baselines and the higher effectiveness of the agentic approach in mitigating threats.
