Abstract
The growing complexity of modern computing frameworks has led to an increase in cybersecurity vulnerabilities reported to the National Vulnerability Database (NVD). Extracting meaningful trends from this vast amount of unstructured data is challenging without proper tools and methodologies. Existing approaches lack a holistic strategy for vulnerability mitigation and prediction and effective knowledge extraction from the Common Weakness Enumeration (CWE), Common Vulnerability Exposure (CVE), and Common Attack Pattern Enumeration and Classification (CAPEC) databases. We introduce the AI-enabled Hardware Weakness and Risk Exploration and Storytelling Framework with LLM-assisted Mitigation Suggestion (HWREx), designed to address hardware vulnerabilities and IoT security. Our architecture features an Ontology-driven Storytelling capability that automates ontology updates to track vulnerability patterns and evolution over time, while offering mitigation strategies. It also clarifies the complex interrelations among CVEs, CWEs, and CAPECs through interactive visual knowledge graphs. Our framework achieved accuracy rates of 62% for CWE-CWE, 83% for CWE-CVE, and 77% for CWE-CAPEC linkage predictions. These graphs are instrumental for in-depth hardware weakness analysis and enable HWREx to deliver comprehensive assessments and actionable mitigation strategies. Additionally, HWREx utilizes Generative Pre-trained Transformers (GPT) to offer tailored mitigation suggestions.
| Original language | English (US) |
|---|---|
| Article number | 104 |
| Journal | ACM Transactions on Design Automation of Electronic Systems |
| Volume | 30 |
| Issue number | 6 |
| State | Published - Oct 17 2025 |
| Externally published | Yes |
Keywords
- Hardware security
- common attack pattern enumeration and classification (CAPEC)
- common vulnerability and exposure (CVE)
- common weakness enumeration (CWE)
- electronic design automation (EDA)
- internet of things (IoT)
- large language model (LLM)
- national vulnerability database (NVD)
- natural language processing (NLP)
- ontology learning
ASJC Scopus subject areas
- Computer Science Applications
- Computer Graphics and Computer-Aided Design
- Electrical and Electronic Engineering