Successful defense against dynamically evolving cyber threats requires advanced and sophisticated techniques. This research presents a novel approach to enhance real-time cybersecurity threat detection and response by integrating large language models (LLMs) and Retrieval-Augmented Generation (RAG) with continuously updated threat intelligence feeds. Leveraging recent advances in LLMs, specifically GPT-4o, and the application of RAG techniques, our approach addresses the limitations of traditional static threat analysis by incorporating dynamic, real-time data sources. RAG supplies the model with current threat intelligence at query time, which a GPT-4o model limited to its training data cannot provide on its own. We employ the Patrowl framework to automate the retrieval of diverse cybersecurity threat intelligence feeds, including the Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE), Exploit Prediction Scoring System (EPSS), and Known Exploited Vulnerabilities (KEV) databases, and embed these records with the all-mpnet-base-v2 model into dense vectors that are stored and queried in Milvus. We demonstrate the system's efficacy through a series of case studies, which show significant improvements over the baseline GPT-4o in addressing recently disclosed vulnerabilities, KEV entries, and CVEs with high EPSS scores. This work not only advances the role of LLMs in cybersecurity but also establishes a foundation for automated, intelligent cyber threat information management systems, addressing crucial gaps in current cybersecurity practice.
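As an added illustration that is not code from the paper or from the Patrowl project, the following Python sketch mirrors the pipeline described above with offline stand-ins: a bag-of-words embedder in place of all-mpnet-base-v2, an in-memory list with brute-force cosine search in place of a Milvus collection, and a prompt string in place of the GPT-4o call. The feed records, product names and CVE identifiers are constructed placeholders, and the KEV-then-EPSS re-ranking of retrieved hits is an assumption of this example, not a rule stated by the abstract.

```python
"""Minimal RAG-over-threat-intel pipeline with offline stand-ins (added example).

Everything here is hypothetical: the feed is constructed, the embedder and
vector store are simplified substitutes, and no LLM is called.
"""
import math
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class ThreatRecord:
    """One merged feed entry: CVE text joined with its CWE, EPSS score and KEV flag."""
    cve_id: str
    description: str
    cwe: str
    epss: float  # EPSS probability of exploitation in the next 30 days, 0..1
    kev: bool    # True if listed in CISA's Known Exploited Vulnerabilities catalog


# Constructed sample feed. IDs and product names are placeholders, not real CVEs.
FEED = [
    ThreatRecord("CVE-0000-0001",
                 "Remote code execution in ExampleHTTP server via crafted Host header",
                 "CWE-787", 0.35, False),
    ThreatRecord("CVE-0000-0002",
                 "Denial of service in ExampleHTTP server through oversized request body",
                 "CWE-400", 0.12, False),
    ThreatRecord("CVE-0000-0003",
                 "SQL injection in ExampleCRM login form",
                 "CWE-89", 0.71, False),
    ThreatRecord("CVE-0000-0004",
                 "Remote code execution in ExampleMail via malformed attachment",
                 "CWE-20", 0.94, True),
]


def embed(text):
    """Stand-in for all-mpnet-base-v2: an L2-normalised bag-of-words vector."""
    tokens = re.findall(r"[a-z0-9][a-z0-9\-]*", text.lower())
    counts = Counter(tokens)
    norm = math.sqrt(sum(c * c for c in counts.values())) or 1.0
    return {tok: c / norm for tok, c in counts.items()}


def cosine(a, b):
    """Cosine similarity of two sparse unit vectors."""
    return sum(w * b.get(tok, 0.0) for tok, w in a.items())


class InMemoryStore:
    """Stand-in for a Milvus collection: insert embeddings, brute-force top-k search."""

    def __init__(self):
        self._rows = []

    def insert(self, rec):
        text = f"{rec.cve_id} {rec.cwe} {rec.description}"
        self._rows.append((embed(text), rec))

    def search(self, query, top_k=3):
        q = embed(query)
        scored = [(cosine(q, vec), rec) for vec, rec in self._rows]
        scored.sort(key=lambda s: s[0], reverse=True)
        return scored[:top_k]


def prioritise(hits):
    """Assumed policy: among retrieved hits, KEV entries first, then EPSS, then similarity."""
    return sorted(hits, key=lambda h: (h[1].kev, h[1].epss, h[0]), reverse=True)


def build_prompt(question, hits):
    """Grounding prompt handed to the LLM; the model call itself is omitted here."""
    context = "\n".join(
        f"- {r.cve_id} ({r.cwe}; EPSS={r.epss:.2f}; KEV={'yes' if r.kev else 'no'}): "
        f"{r.description}"
        for _, r in hits
    )
    return (
        "Answer using only the threat intelligence below and cite CVE IDs.\n\n"
        f"{context}\n\nQuestion: {question}"
    )


def retrieve_context(question, store, top_k=3):
    """Full RAG step: vector search, re-rank, prompt assembly. Returns (ids, prompt)."""
    hits = prioritise(store.search(question, top_k))
    return [r.cve_id for _, r in hits], build_prompt(question, hits)


if __name__ == "__main__":
    db = InMemoryStore()
    for record in FEED:
        db.insert(record)
    ids, prompt = retrieve_context("remote code execution in ExampleHTTP server", db)
    print(ids)
    print(prompt)
```

With a real deployment the `embed` function would call the sentence-transformers model, `InMemoryStore` would be a Milvus collection with an ANN index, and `build_prompt`'s output would be sent to GPT-4o; the point the sketch shows is that similarity alone would rank the ExampleHTTP record first, while folding KEV and EPSS into the ranking surfaces the actively exploited entry before the purely lexical match.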