DBIS

Utilizing RAG-Based LLM Approaches to Advance Automated Cybersecurity Incident Response Playbook Generation

August 21st, 2024

Thesis Type: Bachelor
Student: Pouya Shekarchizadeh Esfahani
Status: Running
Proposal on: 10/09/2024 1:00 pm
Proposal room: Seminar room I5 6202
Supervisor(s): Stefan Decker
Advisor(s): Mehdi Akbari G.
Contact: mehdi.akbari.gurabi@fit.fraunhofer.de

This bachelor thesis proposes an approach to assist experts in creating comprehensive and machine-readable incident response playbooks. By leveraging Large Language Models (LLMs) with a Retrieval-Augmented Generation (RAG) methodology, this approach aims to streamline the playbook creation process based on user input. It begins by gathering various types of information from users, such as asset insights, security environment details, threat descriptions, and CPE tags, while also incorporating security advisories in the standardized CSAF format to ensure high-quality output. The knowledge base will include semi-structured playbooks in formats like JSON, YML, and BPMN as reference samples. The system will be interactive, prompting users for additional information to tailor playbooks to their specific needs. The research questions guiding this thesis focus on the effectiveness and real-world applicability of the generated playbooks, potential enhancements to the RAG approach to minimize inaccuracies, and performance comparisons between different language models. A naïve RAG approach will be implemented as a baseline, with subsequent improvements aimed at enhancing playbook quality and relevance. Ultimately, this approach seeks to advance the automation of playbook generation to reduce the time and effort required to create security playbooks.
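As an added illustration (not code from the thesis or its author), the following Python sketches the naïve RAG baseline the abstract describes: user context (threat description and CPE tags) plus a CSAF-style advisory is used to retrieve the most relevant reference playbooks from a small knowledge base, and the result is assembled into a grounded prompt for the language model. The playbook samples and the advisory are constructed for this example, the CVE identifier is a placeholder, and the LLM call itself is left out.

```python
import math
import re
from collections import Counter
# Constructed knowledge base: semi-structured reference playbooks (JSON-like dicts).
PLAYBOOKS = [
    {"id": "pb-patch-webserver", "cpe": ["cpe:2.3:a:example:webserver:*:*:*:*:*:*:*:*"],
     "text": "Isolate affected web server, apply vendor patch, verify version, restore traffic."},
    {"id": "pb-ransomware", "cpe": [],
     "text": "Disconnect infected hosts, preserve forensic images, restore from clean backups."},
    {"id": "pb-phishing", "cpe": [],
     "text": "Quarantine message, reset credentials of affected users, block sender domain."},
]
# Constructed minimal CSAF-style advisory; the CVE id is a placeholder, not a real one.
ADVISORY = {
    "document": {"title": "Remote code execution in example webserver"},
    "product_tree": {"full_product_names": [{"product_id": "WS-1", "name": "example webserver 2.4",
        "product_identification_helper": {"cpe": "cpe:2.3:a:example:webserver:2.4:*:*:*:*:*:*:*"}}]},
    "vulnerabilities": [{"cve": "CVE-YYYY-NNNN", "title": "RCE via crafted request",
                         "product_status": {"known_affected": ["WS-1"]}}],
}
def tokens(text):
    return Counter(re.findall(r"[a-z0-9]+", text.lower()))

def cosine(a, b):
    dot = sum(a[t] * b[t] for t in a if t in b)
    norm = math.sqrt(sum(v * v for v in a.values())) * math.sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0

def cpe_prefix(cpe):
    # Compare part:vendor:product only, so a versioned advisory CPE matches a wildcard playbook CPE.
    return ":".join(cpe.split(":")[:5])

def retrieve(query, user_cpes, advisory, playbooks, k=2):
    """Naive retrieval: lexical similarity to query + advisory text, with a boost for CPE matches."""
    adv_text = " ".join([advisory["document"]["title"]] + [v["title"] for v in advisory["vulnerabilities"]])
    q, wanted, scored = tokens(query + " " + adv_text), {cpe_prefix(c) for c in user_cpes}, []
    for pb in playbooks:
        score = cosine(q, tokens(pb["text"]))
        if wanted & {cpe_prefix(c) for c in pb["cpe"]}:
            score += 1.0  # an asset match outranks pure lexical similarity
        scored.append((score, pb["id"]))
    return [pid for _, pid in sorted(scored, reverse=True)[:k]]

def build_prompt(query, user_cpes, advisory, playbooks, k=2):
    """Assemble the grounded prompt the LLM would receive; the model call itself is out of scope."""
    hits = retrieve(query, user_cpes, advisory, playbooks, k)
    refs = {pb["id"]: pb["text"] for pb in playbooks if pb["id"] in hits}
    cves = [v["cve"] for v in advisory["vulnerabilities"]]
    return {"context_ids": hits, "cves": cves, "prompt": "Using ONLY the reference playbooks below, "
            f"draft a machine-readable playbook for: {query}\nAdvisory CVEs: {cves}\nReferences: {refs}"}
```

Restricting the model to the retrieved references is what the baseline relies on to limit fabricated steps; the later improvements the abstract mentions would replace the lexical scoring with embeddings and add the interactive follow-up questions.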


Prerequisites:

Knowledge in the domains of cybersecurity and Natural Language Processing (specifically, state-of-the-art Generative AI and Retrieval-Augmented Generation methods).