The reviewed record of science sign in
Pith

arxiv: 2506.04838 · v1 · pith:TG4GIIBL · submitted 2025-06-05 · cs.CR · cs.AI

On Automating Security Policies with Contemporary LLMs

Reviewed by Pithpith:TG4GIIBLopen to challenge →

classification cs.CR cs.AI
keywords policiesautomatingllmsmitigationsecurityactionableadaptiveapproach
0
0 comments X
read the original abstract

The complexity of modern computing environments and the growing sophistication of cyber threats necessitate a more robust, adaptive, and automated approach to security enforcement. In this paper, we present a framework leveraging large language models (LLMs) for automating attack mitigation policy compliance through an innovative combination of in-context learning and retrieval-augmented generation (RAG). We begin by describing how our system collects and manages both tool and API specifications, storing them in a vector database to enable efficient retrieval of relevant information. We then detail the architectural pipeline that first decomposes high-level mitigation policies into discrete tasks and subsequently translates each task into a set of actionable API calls. Our empirical evaluation, conducted using publicly available CTI policies in STIXv2 format and Windows API documentation, demonstrates significant improvements in precision, recall, and F1-score when employing RAG compared to a non-RAG baseline.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.