Home // AISyS 2024, The First International Conference on AI-based Systems and Services // View article

ChatSEC: Spicing up Vulnerability Scans with AI for Heterogeneous University IT

Authors:
Mario Hoffmann
Erik Buchmann

Keywords: AI; Heterogeneous Infrastructure; IT Security

Abstract:
With their heterogeneous and self-administrative structure, universities and comparable institutions differ from others in the industry and business in terms of enforcing IT security policies. This makes it challenging for the CIO (Chief Information Officer) and IT department to enforce common IT security rules. Through fast pacing positional changes within research groups, information on installed and maintained systems, as well as responsibilities can be lost. This has a negative impact on IT security. In this paper, we describe our ongoing work on ChatSEC, our approach to improve the reports generated by a vulnerability scan appliance. By using large language models and external threat intelligence, ChatSEC generates intuitive explanations how to assess and mitigate the reported vulnerabilities. Our preliminary evaluation indicates, that ChatSEC has much potential to improve IT security at universities and similarly heterogeneous institutions.

Pages: 29 to 34

Copyright: Copyright (c) IARIA, 2024

Publication date: September 29, 2024

Published in: conference

ISBN: 978-1-68558-192-3

Location: Venice, Italy

Dates: from September 29, 2024 to October 3, 2024