
LLM-based Assistant for L-x Security Operation Center (SOC) Analyst


Project Details

Program
Computer Science
Field of Study
Cyber Security Detection and Response
Division
Computer, Electrical and Mathematical Sciences and Engineering

Project Description

There is a notable increase in cyberattacks targeting vital digital services such as energy, water and oil plants, communication networks and transportation infrastructure. Without the right cybersecurity and resilience solutions, the blessing of digital transformation can turn into a curse, leaving behind significant societal threats and economic damage. Security Operation Centers (SOCs) are therefore becoming a necessary part of every digital and critical infrastructure; their main roles are defining cybersecurity policies and processes and implementing detection and response mechanisms and tools. Existing SOC tools such as SIEM, SOAR and XDR are mainly good at the detection part, whereas human analysts are still required to investigate and respond to each potential vulnerability or threat event. Analysts can have different levels of responsibility, e.g., an L1 analyst performs the first check on vulnerability alerts and escalates them to L2 for further investigation. With the advent of LLMs, we envision a great opportunity to build a GPT-style analyst assistant that can infer additional insights from the data and environment and carry out partial automated investigations. The expectation is to make the analyst's investigation faster and easier and thus thwart any threat as soon as possible. This project explores the feasibility and capabilities of using LLMs for detection and for assisting analysts at the different levels. The intern's focus will be on one of these tasks.

About the Researcher

Ali Shoker
Research Associate Professor and Head of Cyber Security and Resilience Technology (CyberSaR), KAUST
Computer, Electrical and Mathematical Sciences and Engineering (CEMSE) Division

Desired Project Deliverables

The objectives of the project will be to:
- explore state-of-the-art research and practice together with PhDs and researchers;
- help define and solve a problem conceptually;
- implement a Proof-of-Concept solution with evaluation/simulation; and
- contribute to and coauthor a scientific paper.
More details can be shared and defined after admission and specific topic selection.

Recommended Student Background

Cyber Security
AI, LLM
SOC