
AI-driven cyber threat and vulnerability tools
In an age where digital security is paramount, the number of software vulnerabilities is increasing at rates not seen before. Anders Høst, a PhD candidate at Simula, is addressing this challenge head-on.
At present, the manual efforts to appropriately structure and handle critical vulnerability information are no longer sufficient, negatively impacting real-time defence systems. Thus, there is a pressing need for improved automation. Høst’s research focuses on leveraging knowledge graphs to add structure and derive new relations in existing cybersecurity knowledge bases. He further applies large language models (LLMs) to automate the analysis, ultimately enabling quicker and more effective threat responses.
Evolution of a research focus
Høst's research on this topic began with his master’s thesis, where he explored the creation of knowledge graphs from vulnerability datasets. Knowledge graphs provide a structured representation of information, making it easier to map connections in the data and apply advanced techniques like graph machine learning. This foundational work evolved into his PhD research, driven by the need to better utilise the vast amounts of unstructured security data.
"A lot of security data in our domain is unstructured," Høst explains, "security analysts and other security professionals depend on this information, and we need to ensure it’s complete, accurate, and machine-readable to facilitate better operational use."
His research has evolved over time, incorporating the latest advancements in AI and LLMs. Høst is now focused on translating technical documents into components that can be used by language models, enabling multi-faceted assessments of vulnerabilities. This innovative approach aims to determine the relevance of information by combining expert knowledge and LLM output to improve the quality of automated vulnerability analysis.
Impact and societal benefits
By developing tools that automate the processing of threat information, Høst’s research has the potential to benefit organisations and security experts. "The contribution can be to make the processing of threats easier to assess, prioritise and sort", says Høst, "for a better overview of what an attacker could do for a given vulnerability".
The anticipated outcomes of this research include:
- Faster threat response times
- Improved prioritisation of security vulnerabilities and mitigation of associated threats
- Enhanced accessibility and usability of security information for practitioners
- Increased automation of security processes
Challenges and perseverance
Research is inherently uncertain, and Høst acknowledges the challenges of navigating the unknown. "With research, you never know what you will find," he reflects. "Taking an idea all the way to something that is publishable is a challenge. As technology rapidly changes and information flows increase, security concepts continuously emerge and evolve. This makes standardisation harder, increases data ambiguity, and complicates training and testing machine learning models". Despite these challenges, Høst remains focused on achieving impactful results.
Looking Ahead
Høst’s work aligns with Simula's mission of solving fundamental problems in ICT for the benefit of society. As his PhD develops, he is optimistic about the potential of his research to contribute to the field of cybersecurity.
Høst is pursuing his PhD in a collaboration between Simula and UiO at the Faculty of Mathematics and Natural Sciences in Oslo. Funding for this particular PhD is provided by The Norwegian Ministry of Education and Research.