Large Language Model Assisted Threat Modeling

Author

Isra Elsharef, University of Wisconsin-Milwaukee

Date of Award

December 2023

Degree Type

Thesis

Degree Name

Master of Science

Department

Computer Science

First Advisor

Zhen Zeng

Committee Members

Susan McRoy, Xiao Qin

Abstract

Threat modeling aims to identify and address potential threats early in the product development lifecycle, but is often a time-consuming process involving extensive collaboration between product security and development teams, and relying heavily on analyzing various input documentation. This thesis explores the use of Retrieval Augmented Generation (RAG) Large Language Models (LLMs) as an innovative approach to enhance the threat modeling process. This study is pioneering in its use of LLMs for this purpose and the creation of a subset of related vulnerabilities to be passed as input to make sure the model has access to up-to-date information. The findings of this study reveal the capability of utilizing a RAG LLM to assist in threat modeling.

Recommended Citation

Elsharef, Isra, "Large Language Model Assisted Threat Modeling" (2023). Theses and Dissertations. 3401.
https://dc.uwm.edu/etd/3401