Using Retriever Augmented Large Language Models for Attack Graph Generation

TL;DR

This paper proposes using retriever-augmented large language models to automate attack graph generation, improving coverage and efficiency in cybersecurity threat modeling by leveraging LLMs to chain CVEs and interpret threat reports.

Contribution

It introduces a novel method of employing retriever-augmented LLMs for automated attack graph creation from CVEs and threat reports, enhancing threat modeling processes.

Findings

LLMs can effectively chain CVEs based on preconditions and effects.

The approach automates attack graph generation from threat reports.

Enhanced coverage of potential attack paths.

Abstract

As the complexity of modern systems increases, so does the importance of assessing their security posture through effective vulnerability management and threat modeling techniques. One powerful tool in the arsenal of cybersecurity professionals is the attack graph, a representation of all potential attack paths within a system that an adversary might exploit to achieve a certain objective. Traditional methods of generating attack graphs involve expert knowledge, manual curation, and computational algorithms that might not cover the entire threat landscape due to the ever-evolving nature of vulnerabilities and exploits. This paper explores the approach of leveraging large language models (LLMs), such as ChatGPT, to automate the generation of attack graphs by intelligently chaining Common Vulnerabilities and Exposures (CVEs) based on their preconditions and effects. It also shows how to utilize LLMs to create attack graphs from threat reports.