Anticipating Adversary Behavior in DevSecOps Scenarios through Large Language Models

TL;DR

This paper introduces a novel approach using Large Language Models to predict adversary actions in DevSecOps, enabling proactive security measures through automated attack defense trees and Security Chaos Engineering.

Contribution

It presents a new LLM-based flow for automating attack defense tree creation, integrating it with Security Chaos Engineering to anticipate cyber threats in DevSecOps environments.

Findings

Automated attack defense trees effectively model adversary behavior.

Enhanced proactive defense strategies reduce vulnerability exposure.

Method demonstrated with reproducible experiment in GitHub repository.

Abstract

The most valuable asset of any cloud-based organization is data, which is increasingly exposed to sophisticated cyberattacks. Until recently, the implementation of security measures in DevOps environments was often considered optional by many government entities and critical national services operating in the cloud. This includes systems managing sensitive information, such as electoral processes or military operations, which have historically been valuable targets for cybercriminals. Resistance to security implementation is often driven by concerns over losing agility in software development, increasing the risk of accumulated vulnerabilities. Nowadays, patching software is no longer enough; adopting a proactive cyber defense strategy, supported by Artificial Intelligence (AI), is crucial to anticipating and mitigating threats. Thus, this work proposes integrating the Security Chaos Engineering (SCE) methodology with a new LLM-based flow to automate the creation of attack defense trees that represent adversary behavior and facilitate the construction of SCE experiments based on these graphical models, enabling teams to stay one step ahead of attackers and implement previously unconsidered defenses. Further detailed information about the experiment performed, along with the steps to replicate it, can be found in the following repository: https://github.com/mariomc14/devsecops-adversary-llm.git.