TY - GEN
T1 - PenHeal
T2 - 1st International Workshop on Autonomous Cybersecurity, AutonomousCyber 2024, As part of the 31st ACM Conference on Computer and Communications Security, ACM CCS 2024
AU - Huang, Junjie
AU - Zhu, Quanyan
N1 - Publisher Copyright:
© 2024 Copyright held by the owner/author(s).
PY - 2024/11/7
Y1 - 2024/11/7
N2 - Recent advances in Large Language Models (LLMs) have shown significant potential in enhancing cybersecurity defenses against sophisticated threats. LLM-based penetration testing is an essential step in automating system security evaluations by identifying vulnerabilities. Remediation, the subsequent crucial step, addresses these discovered vulnerabilities. Since details about vulnerabilities, exploitation methods, and software versions offer crucial insights into system weaknesses, integrating penetration testing with vulnerability remediation into a cohesive system has become both intuitive and necessary. This paper introduces PenHeal, a two-stage LLM-based framework designed to autonomously identify and mitigate security vulnerabilities. The framework integrates two LLM-enabled components: the Pentest Module, which detects multiple vulnerabilities within a system, and the Remediation Module, which recommends optimal remediation strategies. The integration is facilitated through Counterfactual Prompting and an Instructor module that guides the LLMs using external knowledge to explore multiple potential attack paths effectively. Our experimental results demonstrate that PenHeal not only automates the identification and remediation of vulnerabilities but also significantly improves vulnerability coverage by 31%, increases the effectiveness of remediation strategies by 32%, and reduces the associated costs by 46% compared to baseline models. These outcomes highlight the trans-formative potential of LLMs in reshaping cybersecurity practices, offering an innovative solution to defend against cyber threats.
AB - Recent advances in Large Language Models (LLMs) have shown significant potential in enhancing cybersecurity defenses against sophisticated threats. LLM-based penetration testing is an essential step in automating system security evaluations by identifying vulnerabilities. Remediation, the subsequent crucial step, addresses these discovered vulnerabilities. Since details about vulnerabilities, exploitation methods, and software versions offer crucial insights into system weaknesses, integrating penetration testing with vulnerability remediation into a cohesive system has become both intuitive and necessary. This paper introduces PenHeal, a two-stage LLM-based framework designed to autonomously identify and mitigate security vulnerabilities. The framework integrates two LLM-enabled components: the Pentest Module, which detects multiple vulnerabilities within a system, and the Remediation Module, which recommends optimal remediation strategies. The integration is facilitated through Counterfactual Prompting and an Instructor module that guides the LLMs using external knowledge to explore multiple potential attack paths effectively. Our experimental results demonstrate that PenHeal not only automates the identification and remediation of vulnerabilities but also significantly improves vulnerability coverage by 31%, increases the effectiveness of remediation strategies by 32%, and reduces the associated costs by 46% compared to baseline models. These outcomes highlight the trans-formative potential of LLMs in reshaping cybersecurity practices, offering an innovative solution to defend against cyber threats.
KW - Cybersecurity Automation
KW - LLMs
KW - Penetration Testing
KW - Retrieval-Augmented Generation
KW - Vulnerability Remediation
UR - http://www.scopus.com/inward/record.url?scp=85212221373&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85212221373&partnerID=8YFLogxK
U2 - 10.1145/3689933.3690831
DO - 10.1145/3689933.3690831
M3 - Conference contribution
AN - SCOPUS:85212221373
T3 - AutonomousCyber 2024 - Proceedings of the Workshop on Autonomous Cybersecurity, Co-Located with: CCS 2024
SP - 11
EP - 22
BT - AutonomousCyber 2024 - Proceedings of the Workshop on Autonomous Cybersecurity, Co-Located with
PB - Association for Computing Machinery, Inc
Y2 - 14 October 2024 through 18 October 2024
ER -