EXPLAINABLE AI FOR CYBER THREAT INTELLIGENCE USING LARGE LANGUAGE MODEL ARCHITECTURE

Authors

  • Rajashekhar Reddy Kethireddy, Department of Software Engineering, IBM, USA.

Keywords:

Explainable AI, Cyber Threat Intelligence, Large Language Models, Natural Language Processing, Real-world Datasets

Abstract

Detecting and understanding threats is central to any defense strategy, so improving detection capability together with contextual insight is critical in today’s dynamic world of cybersecurity. This paper advances the understanding of Cyber Threat Intelligence (CTI) by using Large Language Model (LLM) architectures for Explainable Artificial Intelligence. Our approach leverages the superior natural language processing (NLP) capabilities of LLMs to analyze vast amounts of threat data and provide actionable, understandable insights into possible security risks. We introduce a new paradigm in which integrating LLMs into classic CTI frameworks enables the identification of complex threat patterns and provides a human-readable explanation for each detected threat. This will enhance the transparency and trustworthiness of AI-driven threat analysis, making decision-making easier and better informed for cybersecurity professionals. Extensive testing was conducted on real-world datasets to validate our approach, indicating that it significantly improves threat detection accuracy and explanation quality compared with current methods. These findings suggest that embedding LLMs into CTI systems dramatically improves the efficacy of cybersecurity tools and opens new frontiers toward resilience and adaptiveness.


Published

2021-02-23

How to Cite

Rajashekhar Reddy Kethireddy. (2021). EXPLAINABLE AI FOR CYBER THREAT INTELLIGENCE USING LARGE LANGUAGE MODEL ARCHITECTURE. INTERNATIONAL JOURNAL OF ADVANCED RESEARCH IN ENGINEERING AND TECHNOLOGY (IJARET), 12(2), 826-837. https://lib-index.com/index.php/IJARET/article/view/IJARET_12_02_083