Full Program
Summary:
Intrusion Detection Systems (IDS) are essential for effective cyber-defense. Signature-based IDS operate using specific rules, which are difficult to generate due to the evolving cybersecurity landscape. To this end, this work proposes a rule generation framework, called RuleXploit, which uses Large Language Models (LLMs) to generate rules from exploits. The proposed framework is composed of two components: the RuleXploit Generator, which produces rules using structured prompts and examples, and the RuleXploit Refinery, which validates and refines these rules for accuracy and effectiveness. The RuleXploit framework is demonstrated via the GPT-4o model, configured with tailored prompt engineering techniques and settings. RuleXploit successfully generated 100% syntactically valid rules and achieved an effectiveness rate of 76.67% in detecting malicious traffic. This work presents the first approach to generate IDS rules from the exploit code of a vulnerability, offering a novel way towards the successful mitigation of cyber attacks.
Author(s):
Angelos Papoutsis, Information Technologies Institute, Centre for Research and Technology Hellas (CERTH), Thessaloniki, Greece
Athanasios Dimitriadis, Information Technologies Institute, Centre for Research and Technology Hellas (CERTH), Thessaloniki, Greece
Ilias Koritsas, Information Technologies Institute, Centre for Research and Technology Hellas (CERTH), Thessaloniki, Greece
Dimitris Kavallieros, Information Technologies Institute, Centre for Research and Technology Hellas (CERTH), Thessaloniki, Greece
Theodora Tsikrika, Information Technologies Institute, Centre for Research and Technology Hellas (CERTH), Thessaloniki, Greece
Stefanos Vrochidis, Information Technologies Institute, Centre for Research and Technology Hellas (CERTH), Thessaloniki, Greece
Ioannis Kompatsiaris, Information Technologies Institute, Centre for Research and Technology Hellas (CERTH), Thessaloniki, Greece
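The abstract above reports two measurements for generated rules: syntactic validity and effectiveness against malicious traffic. The following is an added illustration of what a refinery-style check of that kind can look like; it is not code from the paper or the RuleXploit project. It assumes (the abstract does not say) that rules are in Snort/Suricata syntax, that effectiveness is the fraction of malicious samples on which at least one valid rule fires, and that traffic is a handful of constructed HTTP payloads; the rule texts and samples are constructed for the example.

```python
"""Constructed example: validate IDS rules syntactically, then score them
against labelled sample traffic (assumed Snort/Suricata-style rules)."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Rule header: action proto src sport -> dst dport ( options )
HEADER_RE = re.compile(
    r"^(?P<action>alert|drop|reject|pass)\s+(?P<proto>tcp|udp|icmp|ip)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+"
    r"\((?P<opts>.*)\)\s*$"
)
# One option: keyword, optional ":value" (quoted or bare), terminated by ';'
OPT_RE = re.compile(r'\s*(?P<key>[a-z_]+)(?::\s*(?P<val>"(?:[^"\\]|\\.)*"|[^;]*?))?\s*;')


@dataclass
class Rule:
    proto: str
    dport: str
    sid: int
    msg: str
    contents: list = field(default_factory=list)  # (pattern bytes, nocase flag)


@dataclass
class Sample:
    proto: str
    dport: int
    payload: bytes
    malicious: bool


def parse_rule(text: str) -> Optional[Rule]:
    """Return a Rule if `text` is syntactically valid, otherwise None."""
    m = HEADER_RE.match(text.strip())
    if not m:
        return None
    opts, pos = m.group("opts").strip(), 0
    sid = msg = None
    contents = []
    while pos < len(opts):
        om = OPT_RE.match(opts, pos)
        if not om:
            return None  # malformed option or missing ';'
        pos = om.end()
        key, val = om.group("key"), om.group("val")
        if key == "msg" and val and val.startswith('"'):
            msg = val[1:-1]
        elif key == "content" and val and val.startswith('"'):
            contents.append((val[1:-1].encode(), False))
        elif key == "nocase":
            if not contents:
                return None  # nocase must modify a preceding content
            contents[-1] = (contents[-1][0], True)
        elif key == "sid":
            if not (val and val.isdigit()):
                return None
            sid = int(val)
        # other keywords (rev, flow, classtype, ...) are accepted and ignored here
    if sid is None or msg is None:
        return None  # require a sid and a msg for a usable rule
    return Rule(m.group("proto"), m.group("dport"), sid, msg, contents)


def rule_matches(rule: Rule, s: Sample) -> bool:
    """Simplified matcher: protocol, destination port, all content patterns."""
    if rule.proto not in (s.proto, "ip"):
        return False
    if rule.dport != "any" and rule.dport != str(s.dport):
        return False
    for pat, nocase in rule.contents:
        hay, needle = (s.payload.lower(), pat.lower()) if nocase else (s.payload, pat)
        if needle not in hay:
            return False
    return True


def evaluate(rule_texts: list, samples: list) -> dict:
    """Refinery-style scoring: count valid rules, detections and false positives."""
    parsed = [parse_rule(t) for t in rule_texts]
    rules = [r for r in parsed if r is not None]
    fired = lambda s: any(rule_matches(r, s) for r in rules)
    mal = [s for s in samples if s.malicious]
    ben = [s for s in samples if not s.malicious]
    detected = sum(fired(s) for s in mal)
    return {
        "valid": len(rules),
        "invalid": len(parsed) - len(rules),
        "detected": detected,
        "malicious": len(mal),
        "false_positives": sum(fired(s) for s in ben),
        "effectiveness": detected / len(mal) if mal else 0.0,
    }


# Constructed rules: two valid, one with a missing ')', one without a sid.
RULES = [
    'alert tcp any any -> any 80 (msg:"Constructed: PHP upload to example-app"; '
    'flow:to_server,established; content:"POST /example-app/upload"; '
    'content:"<?php"; nocase; sid:1000001; rev:1;)',
    'alert tcp any any -> any 80 (msg:"Constructed: traversal in example-app"; '
    'content:"/example-app/"; content:"../../"; sid:1000002; rev:1;)',
    'alert tcp any any -> any 80 (msg:"missing closing paren"; content:"x"; sid:1000003;',
    'alert tcp any any -> any 80 (msg:"no sid"; content:"x";)',
]

# Constructed traffic: three labelled malicious, two benign.
SAMPLES = [
    Sample("tcp", 80, b"POST /example-app/upload HTTP/1.1\r\n\r\n<?PHP echo 'constructed'; ?>", True),
    Sample("tcp", 80, b"GET /example-app/../../etc/hostname HTTP/1.1\r\n\r\n", True),
    Sample("tcp", 80, b"GET /example-app/admin?debug=1 HTTP/1.1\r\n\r\n", True),  # no rule covers this
    Sample("tcp", 80, b"POST /example-app/upload HTTP/1.1\r\n\r\nphoto.jpg binary", False),
    Sample("tcp", 80, b"GET /example-app/index.html HTTP/1.1\r\n\r\n", False),
]

if __name__ == "__main__":
    print(evaluate(RULES, SAMPLES))
```

On the constructed input, two of four rules are valid, two of three malicious samples are detected (effectiveness 2/3) and no benign sample fires. The third malicious sample is left uncovered on purpose: a refinery that only checks syntax would report 100% validity for this set while missing it, which is why a separate effectiveness measurement over labelled traffic is needed.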