CVE-LLM : Ontology-Assisted Automatic Vulnerability Evaluation Using Large Language Models
Rikhiya Ghosh, Hans-Martin von Stockhausen, Martin Schmitt, George Marica Vasile, Sanjeev Kumar Karn, Oladimeji Farri

TL;DR
This paper introduces CVE-LLM, a system leveraging large language models and ontologies to automatically evaluate cybersecurity vulnerabilities, enhancing efficiency and understanding without retraining the models.
Contribution
The work presents a novel ontology-assisted approach for vulnerability evaluation using LLMs, tailored for medical device cybersecurity assessment without retraining.
Findings
Effective integration of ontologies improves LLM understanding of vulnerabilities.
Enables automatic vulnerability assessment without retraining LLMs.
Provides guidelines for integrating LLMs into cybersecurity workflows.
Abstract
The National Vulnerability Database (NVD) publishes over a thousand new vulnerabilities monthly, with a projected 25 percent increase in 2024, highlighting the crucial need for rapid vulnerability identification to mitigate cybersecurity attacks and save costs and resources. In this work, we propose using large language models (LLMs) to learn vulnerability evaluation from historical assessments of medical device vulnerabilities in a single manufacturer's portfolio. We highlight the effectiveness and challenges of using LLMs for automatic vulnerability evaluation and introduce a method to enrich historical data with cybersecurity ontologies, enabling the system to understand new vulnerabilities without retraining the LLM. Our LLM system integrates with the in-house application - Cybersecurity Management System (CSMS) - to help Siemens Healthineers (SHS) product cybersecurity experts…
Taxonomy
Topics
Web Application Security Vulnerabilities · Network Security and Intrusion Detection · Information and Cyber Security
