Applications of LLMs for Generating Cyber Security Exercise Scenarios

Abstract

Read online

This study proposes a novel approach leveraging Large Language Models (LLMs) to generate dynamic and complex adaptable cybersecurity exercise scenarios. Motivated by Turing’s seminal exploration into machine cognition, which questions the ability of machines to mimic human thought and intelligence. By exploiting the generative potential of LLMs, our methodology simulates a wide range of cyber threats, both known and novel, thereby enhancing cybersecurity training and awareness. This approach transforms the potential for ‘hallucination’ inherent in LLMs into a potential advantage, enabling the creation of complex exercise scenarios that push the boundaries of traditional cybersecurity training. The innovation lies in the sophisticated application of AI, aiming to advance the preparedness of security professionals against diverse cyber threats. The scenarios generated through this method were subject to meticulous testing and a rigorous evaluation process involving (Generated Pre-Trained Transformer) GPT models and expert review to ensure their realism and applicability. In this paper, we introduce ‘CyExec,’ a novel approach leveraging GPT to dynamically generate cybersecurity training scenarios. Furthermore, the prompts provided to the LLMs were meticulously designed to adopt a Retrieval-Augmented Generation (RAG) approach, enriching the complexity and relevance of the scenarios. This incorporation of RAG, alongside the inspiration drawn from Turing’s exploration of machine intelligence, showcases an advanced application of AI in cybersecurity training, reflecting a deep understanding of how machines can augment our capabilities to anticipate and mitigate cyber threats.

Keywords

• Cyber security exercise scenarios
• large language models
• bounded rationality
• generative configurations
• Halluciation in LLMs