|
|
|
|
|
|
by Zamaamiro
384 days ago
|
|
|
I’m working on a research cybersecurity tool that attempts to combine the natural language understanding and information synthesis strengths of LLM-driven agents with symbolic logic and knowledge bases expressed as Datalog programs for determinism and declarative semantics. The approach is to perform system scanning using a combination of LLMs and traditional algorithms to dynamically populate a Datalog knowledge base. The facts of the program are constrained to a predefined “model schema” of sorts and a predefined set of rules that encode specialized domain knowledge of how new facts can be derived from known facts. We generate proof trees / attack graphs from the knowledge base and queries posed to it. The attack graph uses big-step semantics to plan and guide the execution flow, and the system dispatches to agents with tool use to fill in the details and implement the small-step semantics, so to speak. This may include API calls to a Metasploit Framework server or RAG over vulnerability and exploit databases. We use Pydantic AI to constrain the LLM output to predefined schemas at each step, with a dash of fuzzy string matching and processing to enforce canonicalization of, e.g., software names and other entities. Tl;dr: neurosymbolic AI research tool for cybersecurity analysis and pentesting. |
|
|