This paper explores the use of semantic relations, specifically hypernym-hyponym relationships, to extract relevant information from Cyber Threat Intelligence (CTI) reports for automated security response. A neuro-symbolic multi-agent system is proposed to automatically generate CLIPS code for an expert system, which then creates firewall rules. Experiments demonstrate that the hypernym-hyponym retrieval strategy outperforms baselines and the agentic approach is effective in mitigating threats.
Automating firewall rule generation from threat intelligence reports is now more effective thanks to a neuro-symbolic approach leveraging hypernym-hyponym relationships.
Web security demands rapid response capabilities to evolving cyber threats. Agentic Artificial Intelligence (AI) promises automation, but the need for trustworthy security responses is of the utmost importance. This work investigates the role of semantic relations in extracting information for sensitive operational tasks, such as configuring security controls for mitigating threats. To this end, it proposes to leverage hypernym-hyponym textual relations to extract relevant information from Cyber Threat Intelligence (CTI) reports. By leveraging a neuro-symbolic approach, the multi-agent system automatically generates CLIPS code for an expert system creating firewall rules to block malicious network traffic. Experimental results show the superior performance of the hypernym-hyponym retrieval strategy compared to various baselines and the higher effectiveness of the agentic approach in mitigating threats.