From Threat Intelligence to Firewall Rules: Semantic Relations in Hybrid AI Agent and Expert System Architectures
Chiara Bonfanti, Davide Colaiacomo, Luca Cagliero, and Cataldo Basile

TL;DR
This paper presents a neuro-symbolic multi-agent system that uses semantic hypernym-hyponym relations to extract information from cyber threat reports, automatically generating firewall rules to improve web security response times.
Contribution
It introduces a novel hypernym-hyponym based information extraction method integrated into a multi-agent system for automated security rule generation.
Findings
Hypernym-hyponym retrieval outperforms baseline methods
Agentic approach effectively mitigates cyber threats
System automates firewall rule creation from threat intelligence
Abstract
Web security demands rapid response capabilities to evolving cyber threats. Agentic Artificial Intelligence (AI) promises automation, but the need for trustworthy security responses is of the utmost importance. This work investigates the role of semantic relations in extracting information for sensitive operational tasks, such as configuring security controls for mitigating threats. To this end, it proposes to leverage hypernym-hyponym textual relations to extract relevant information from Cyber Threat Intelligence (CTI) reports. By leveraging a neuro-symbolic approach, the multi-agent system automatically generates CLIPS code for an expert system creating firewall rules to block malicious network traffic. Experimental results show the superior performance of the hypernym-hyponym retrieval strategy compared to various baselines and the higher effectiveness of the agentic approach in…
Taxonomy
Topics: Network Packet Processing and Optimization · Network Security and Intrusion Detection · Mobile Agent-Based Network Management
