The escalating complexity of modern computing frameworks has resulted in a surge in the cybersecurity vulnerabilities reported to the National Vulnerability Database (NVD) by practitioners. Despite the fact that the stature of NVD is one of the most significant databases for the latest insights into vulnerabilities, extracting meaningful trends from such a large amount of unstructured data is still challenging without the application of suitable technological methodologies. Previous efforts have mostly concentrated on software vulnerabilities; however, a holistic strategy incorporates approaches for mitigating vulnerabilities, score prediction, and a knowledge-generating system that may extract relevant insights from the Common Weakness Enumeration (CWE) and Common Vulnerability Exchange (CVE) databases is notably absent. As the number of hardware attacks on Internet of Things (IoT) devices continues to rapidly increase, we present the Hardware Vulnerability to Weakness Mapping (HW-V2W-Map) Framework, which is a Machine Learning (ML) framework focusing on hardware vulnerabilities and IoT security. The architecture that we have proposed incorporates an Ontology-driven Storytelling framework, which automates the process of updating the ontology in order to recognize patterns and evolution of vulnerabilities over time and provides approaches for mitigating the vulnerabilities. The repercussions of vulnerabilities can be mitigated as a result of this, and conversely, future exposures can be predicted and prevented. Furthermore, our proposed framework utilized Generative Pre-trained Transformer (GPT) Large Language Models (LLMs) to provide mitigation suggestions.

翻译：现代计算框架复杂性的不断攀升，导致从业者向国家漏洞数据库（NVD）报告的网络安全漏洞数量激增。尽管NVD作为获取最新漏洞洞察的最重要数据库之一，但在缺乏适当技术方法论的情况下，从如此大量的非结构化数据中提取有意义的趋势仍具挑战性。以往研究多集中于软件漏洞，但缺乏一种整合漏洞缓解方法、评分预测及知识生成系统的整体策略——该系统可从通用弱点枚举（CWE）与通用漏洞披露（CVE）数据库中提取相关洞见。随着物联网（IoT）设备遭受硬件攻击的频率持续快速上升，我们提出了硬件漏洞至弱点映射（HW-V2W-Map）框架，这是一个专注于硬件漏洞与物联网安全的机器学习（ML）框架。所提出的架构融合了本体驱动叙事框架，通过自动化本体更新过程来识别漏洞随时间的模式与演化规律，并提供漏洞缓解方案。此举不仅能减轻现有漏洞的影响，还可预测并防范未来风险。此外，本框架利用生成式预训练变换器（GPT）大语言模型（LLMs）生成缓解建议。