Kim Hammar (Department of Electrical and Electronic Engineering, University of Melbourne, Australia), Tansu Alpcan (Department of Electrical and Electronic Engineering, University of Melbourne, Australia), Emil C. Lupu (Department of Computing, Imperial College London, United Kingdom)

Timely and effective incident response is key to managing the growing frequency of cyberattacks. However, identifying the right response actions for complex systems is a major technical challenge. A promising approach to mitigate this challenge is to use the security knowledge embedded in large language models (LLMs) to assist security operators during incident handling. Recent research has demonstrated the potential of this approach, but current methods are mainly based on prompt engineering of frontier LLMs, which is costly and prone to hallucinations. We address these limitations by presenting a novel way to use an LLM for incident response planning with reduced hallucination. Our method includes three steps: fine-tuning, information retrieval, and lookahead planning. We prove that our method generates response plans with a bounded probability of hallucination and that this probability can be made arbitrarily small at the expense of increased planning time under certain assumptions. Moreover, we show that our method is lightweight and can run on commodity hardware. We evaluate our method on logs from incidents reported in the literature. The experimental results show that our method a) achieves up to 22% shorter recovery times than frontier LLMs and b) generalizes to a broad range of incident types and response actions.

View More Papers

PhyFuzz: Detecting Sensor Vulnerabilities with Physical Signal Fuzzing

Zhicong Zheng (Zhejiang University), Jinghui Wu (Zhejiang University), Shilin Xiao (Zhejiang University), Yanze Ren (Zhejiang University), Chen Yan (Zhejiang University), Xiaoyu Ji (Zhejiang University), Wenyuan Xu (Zhejiang University)

Read More

LOKI: Proactively Discovering Online Scam Websites by Mining Toxic...

Pujan Paudel (Boston University), Gianluca Stringhini (Boston University)

Read More

Through the Authentication Maze: Detecting Authentication Bypass Vulnerabilities in...

Nanyu Zhong (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences; Key Laboratory of Network Assessment Technology, Chinese Academy of Sciences; Beijing Key Laboratory of Network Security and Protection Technology), Yuekang Li (University of New South Wales), Yanyan Zou (Institute of Information Engineering, Chinese Academy of…

Read More