-
LLM-Assisted Proactive Threat Intelligence for Automated Reasoning
Authors:
Shuva Paul,
Farhad Alemi,
Richard Macwan
Abstract:
Successful defense against dynamically evolving cyber threats requires advanced and sophisticated techniques. This research presents a novel approach to enhance real-time cybersecurity threat detection and response by integrating large language models (LLMs) and Retrieval-Augmented Generation (RAG) systems with continuous threat intelligence feeds. Leveraging recent advancements in LLMs, specifica…
▽ More
Successful defense against dynamically evolving cyber threats requires advanced and sophisticated techniques. This research presents a novel approach to enhance real-time cybersecurity threat detection and response by integrating large language models (LLMs) and Retrieval-Augmented Generation (RAG) systems with continuous threat intelligence feeds. Leveraging recent advancements in LLMs, specifically GPT-4o, and the innovative application of RAG techniques, our approach addresses the limitations of traditional static threat analysis by incorporating dynamic, real-time data sources. We leveraged RAG to get the latest information in real-time for threat intelligence, which is not possible in the existing GPT-4o model. We employ the Patrowl framework to automate the retrieval of diverse cybersecurity threat intelligence feeds, including Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE), Exploit Prediction Scoring System (EPSS), and Known Exploited Vulnerabilities (KEV) databases, and integrate these with the all-mpnet-base-v2 model for high-dimensional vector embeddings, stored and queried in Milvus. We demonstrate our system's efficacy through a series of case studies, revealing significant improvements in addressing recently disclosed vulnerabilities, KEVs, and high-EPSS-score CVEs compared to the baseline GPT-4o. This work not only advances the role of LLMs in cybersecurity but also establishes a robust foundation for the development of automated intelligent cyberthreat information management systems, addressing crucial gaps in current cybersecurity practices.
△ Less
Submitted 1 April, 2025;
originally announced April 2025.
-
ARM-IRL: Adaptive Resilience Metric Quantification Using Inverse Reinforcement Learning
Authors:
Abhijeet Sahu,
Venkatesh Venkataramanan,
Richard Macwan
Abstract:
Resilience of safety-critical systems is gaining importance, particularly with the increasing number of cyber and physical threats. Cyber-physical threats are becoming increasingly prevalent, as digital systems are ubiquitous in critical infrastructure. The challenge with determining the resilience of cyber-physical systems is identifying a set of resilience metrics that can adapt to the changing…
▽ More
Resilience of safety-critical systems is gaining importance, particularly with the increasing number of cyber and physical threats. Cyber-physical threats are becoming increasingly prevalent, as digital systems are ubiquitous in critical infrastructure. The challenge with determining the resilience of cyber-physical systems is identifying a set of resilience metrics that can adapt to the changing states of the system. A static resilience metric can lead to an inaccurate estimation of system state, and can result in unintended consequences against cyber threats. In this work, we propose a data-driven method for adaptive resilience metric learning. The primary goal is to learn a single resilience metric by formulating an inverse reinforcement learning problem that learns a reward or objective from a set of control actions from an expert. It learns the structure or parameters of the reward function based on information provided by expert demonstrations. Most prior work has considered static weights or theories from fuzzy logic to formulate a single resilience metric. Instead, this work learns the resilience metric, represented as reward function, using adversarial inverse reinforcement learning, to determine the optimal policy through training the generator discriminator in parallel. We evaluate our proposed technique in scenarios such as optimal communication network rerouting, power distribution network reconfiguration, and a combined cyber-physical restoration of critical load using the IEEE 123-bus system.
△ Less
Submitted 21 January, 2025;
originally announced January 2025.
-
Zero-Knowledge Proof-Based Approach for Verifying the Computational Integrity of Power Grid Controls
Authors:
Chin-Yao Chang,
Richard Macwan,
Sinnott Murphy
Abstract:
The control of future power grids is migrating from a centralized to a distributed/decentralized scheme to enable a massive penetration of distributed energy resources and bring extreme enhancements of autonomous operations in terms of grid resilience, security, and reliability. Most effort has been on the design of distributed/decentralized controllers; however, the guarantees of the proper execu…
▽ More
The control of future power grids is migrating from a centralized to a distributed/decentralized scheme to enable a massive penetration of distributed energy resources and bring extreme enhancements of autonomous operations in terms of grid resilience, security, and reliability. Most effort has been on the design of distributed/decentralized controllers; however, the guarantees of the proper execution of the controls are also essential but relatively less emphasized. A common assumption is that local controllers would fully follow the designated controller dynamics based on the data received from communication channels. Such an assumption could be risky because proper execution of the controller dynamics is then built on trust in secure communication and computation. On the other hand, it is impractical for a verifier to repeat all the computations involved in the controls to verify the computational integrity. In this work, we leverage a type of cryptography technology, known as zero-knowledge scalable transparent arguments of knowledge to verify the computational integrity of control algorithms, such that verifiers can check the computational integrity with much less computational burden. The method presented here converts the challenge of data integrity into a subset of computational integrity. In this proof-of-concept paper, our focus will be on projected linear dynamics that are commonly seen in distributed/decentralized power system controllers. In particular, we have derived polynomial conditions in the context of zk-STARKs for the projected linear dynamics.
△ Less
Submitted 12 November, 2022;
originally announced November 2022.
