Using Retriever Augmented Large Language Models for Attack Graph Generation
Prapty, Renascence Tarafder, Kundu, Ashish, Iyengar, Arun
arXiv.org Artificial Intelligence
As the complexity of modern systems increases, so does the importance of assessing their security posture through effective vulnerability management and threat modeling techniques. One powerful tool in the arsenal of cybersecurity professionals is the attack graph, a representation of all potential attack paths within a system that an adversary might exploit to achieve a certain objective. Traditional methods of generating attack graphs involve expert knowledge, manual curation, and computational algorithms that might not cover the entire threat landscape due to the ever-evolving nature of vulnerabilities and exploits. This paper explores the approach of leveraging large language models (LLMs), such as ChatGPT, to automate the generation of attack graphs by intelligently chaining Common Vulnerabilities and Exposures (CVEs) based on their preconditions and effects. It also shows how to utilize LLMs to create attack graphs from threat reports.

A natural question is how LLMs can be applied to the cybersecurity domain, specifically for generating attack graphs. The aim of this paper is to investigate the potential of using large language models such as ChatGPT for automating the generation of attack graphs. Our approach leverages LLM capabilities to understand and chain Common Vulnerabilities and Exposures (CVEs) based on their preconditions and postconditions. By interpreting CVE descriptions and associated metadata, LLMs can generate links between vulnerabilities, offering a dynamic way to visualize possible attack vectors. In addition, this paper explores using LLMs for generating attack graphs based on textual threat reports, which are often rich sources of data but require manual analysis to transform into actionable insights. Our work makes several contributions:
Aug-11-2024