English

CVE-LLM : Ontology-Assisted Automatic Vulnerability Evaluation Using Large Language Models

Computation and Language 2025-02-25 v1 Cryptography and Security

Abstract

The National Vulnerability Database (NVD) publishes over a thousand new vulnerabilities monthly, with a projected 25 percent increase in 2024, highlighting the crucial need for rapid vulnerability identification to mitigate cybersecurity attacks and save costs and resources. In this work, we propose using large language models (LLMs) to learn vulnerability evaluation from historical assessments of medical device vulnerabilities in a single manufacturer's portfolio. We highlight the effectiveness and challenges of using LLMs for automatic vulnerability evaluation and introduce a method to enrich historical data with cybersecurity ontologies, enabling the system to understand new vulnerabilities without retraining the LLM. Our LLM system integrates with the in-house application - Cybersecurity Management System (CSMS) - to help Siemens Healthineers (SHS) product cybersecurity experts efficiently assess the vulnerabilities in our products. Also, we present guidelines for efficient integration of LLMs into the cybersecurity tool.

Keywords

Cite

@article{arxiv.2502.15932,
  title  = {CVE-LLM : Ontology-Assisted Automatic Vulnerability Evaluation Using Large Language Models},
  author = {Rikhiya Ghosh and Hans-Martin von Stockhausen and Martin Schmitt and George Marica Vasile and Sanjeev Kumar Karn and Oladimeji Farri},
  journal= {arXiv preprint arXiv:2502.15932},
  year   = {2025}
}

Comments

arXiv admin note: substantial text overlap with arXiv:2407.14640

R2 v1 2026-06-28T21:53:32.919Z