Large Language Models for Explainable Threat Intelligence
By: Tiago Dinis, Miguel Correia, Roger Tavares
Potential Business Impact:
Finds computer dangers and shows how it knows.
As cyber threats continue to grow in complexity, traditional security mechanisms struggle to keep up. Large language models (LLMs) offer significant potential in cybersecurity due to their advanced capabilities in text processing and generation. This paper explores the use of LLMs with retrieval-augmented generation (RAG) to obtain threat intelligence by combining real-time information retrieval with domain-specific data. The proposed system, RAGRecon, uses a LLM with RAG to answer questions about cybersecurity threats. Moreover, it makes this form of Artificial Intelligence (AI) explainable by generating and visually presenting to the user a knowledge graph for every reply. This increases the transparency and interpretability of the reasoning of the model, allowing analysts to better understand the connections made by the system based on the context recovered by the RAG system. We evaluated RAGRecon experimentally with two datasets and seven different LLMs and the responses matched the reference responses more than 91% of the time for the best combinations.
Similar Papers
Adapting Large Language Models to Emerging Cybersecurity using Retrieval Augmented Generation
Cryptography and Security
Helps computers spot new cyber threats faster.
A RAG-Based Multi-Agent LLM System for Natural Hazard Resilience and Adaptation
Computation and Language
Helps predict wildfires and make safer choices.
Exploiting Web Search Tools of AI Agents for Data Exfiltration
Cryptography and Security
Protects smart computer brains from being tricked.