We introduces Crimson, a system that enhances the strategic reasoning capabilities of Large Language Models (LLMs) within the realm of cybersecurity. By correlating CVEs with MITRE ATT&CK techniques, Crimson advances threat anticipation and strategic defense efforts. Our approach includes defining and evaluating cybersecurity strategic tasks, alongside implementing a comprehensive human-in-the-loop data-synthetic workflow to develop the CVE-to-ATT&CK Mapping (CVEM) dataset. We further enhance LLMs' reasoning abilities through a novel Retrieval-Aware Training (RAT) process and its refined iteration, RAT-R. Our findings demonstrate that an LLM fine-tuned with our techniques, possessing 7 billion parameters, approaches the performance level of GPT-4, showing markedly lower rates of hallucination and errors, and surpassing other models in strategic reasoning tasks. Moreover, domain-specific fine-tuning of embedding models significantly improves performance within cybersecurity contexts, underscoring the efficacy of our methodology. By leveraging Crimson to convert raw vulnerability data into structured and actionable insights, we bolster proactive cybersecurity defenses.

翻译：本文介绍了Crimson系统，该系统旨在增强大语言模型在网络安全领域的战略推理能力。通过将CVE与MITRE ATT&CK技术进行关联，Crimson推进了威胁预见与战略防御工作。我们的方法包括定义和评估网络安全战略任务，同时实施一个全面的人机协同数据合成工作流，以构建CVE到ATT&CK映射（CVEM）数据集。我们进一步通过一种新颖的检索感知训练（RAT）流程及其改进版本RAT-R来增强大语言模型的推理能力。实验结果表明，采用我们的技术微调后的70亿参数大语言模型，其性能接近GPT-4水平，幻觉率和错误率显著降低，并在战略推理任务中超越其他模型。此外，对嵌入模型进行领域特定微调可显著提升网络安全背景下的性能，这充分验证了我们方法的有效性。通过利用Crimson将原始漏洞数据转化为结构化且可操作的洞察，我们强化了主动式网络安全防御体系。