Litcius/Paper detail

CVE-LLM: Ontology-Assisted Automatic Vulnerability Evaluation Using Large Language Models

Rikhiya Ghosh, Hans‐Martin von Stockhausen, Martin Schmitt, George Marica Vasile, Sanjeev Kumar Karn, Oladimeji Farri

2025Proceedings of the AAAI Conference on Artificial Intelligence13 citationsDOIOpen Access PDF

Abstract

The National Vulnerability Database (NVD) publishes over a thousand new vulnerabilities monthly, with a projected 25 percent increase in 2024, highlighting the crucial need for rapid vulnerability identification to mitigate cybersecurity attacks and save costs and resources. In this work, we propose using large language models (LLMs) to learn vulnerability evaluation from historical assessments of medical device vulnerabilities in a single manufacturer's portfolio. We highlight the effectiveness and challenges of using LLMs for automatic vulnerability evaluation and introduce a method to enrich historical data with cybersecurity ontologies, enabling the system to understand new vulnerabilities without retraining the LLM. Our LLM system integrates with the in-house application - Cybersecurity Management System (CSMS) - to help Siemens Healthineers (SHS) product cybersecurity experts efficiently assess the vulnerabilities in our products. Also, we present guidelines for efficient integration of LLMs into the cybersecurity tool.

Topics & Concepts

Computer scienceOntologyVulnerability (computing)Natural language processingComputer securityEpistemologyPhilosophyWeb Application Security VulnerabilitiesNetwork Security and Intrusion DetectionInformation and Cyber Security