21st AIAI 2025, 26 - 29 June 2025, Limassol, Cyprus

Vulnerability Patch Prediction using LLM based Bert Model with Trustworthy AI Practice for Cyber Security Enhancement

Basheer Nihala, Islam Shareeful, Papastergiou Spyridon, Mouratidis Haralambos, Nikolaos Papagiannopoulos

Abstract:

Regularly updating systems against security vulnerabilities is crucial for an organization to reduce the possibility of their exploitation in a cyber-attack. Despite their importance, timely updates are not always guaranteed, and many vulnerabilities remain unpatched for extended periods of time, which increases the security risk to organizations. Organizations generally apply patches manually, which delays the mitigation of potential exploitation and requires huge effort and resources. In this context, we propose a novel approach that uses a Large Language Model (LLM)-based CodeBERT model to predict the availability of an update or patch relevant to a given vulnerability. The approach adopts key trustworthy AI characteristics, including bias and explainability, to operationalize trustworthy AI practice for the LLM-based CodeBERT model. The work has been evaluated on a real-world use case scenario from Athens International Airport to demonstrate the applicability of the approach through a test environment that emulates the airport's critical operating systems. Assets from key airport systems, such as flight information display and access control, have been considered and associated with vulnerabilities. The results of the study show that an update is predicted for key vulnerabilities such as CVE-2017-8464 and CVE-2020-1472, which are linked to the Windows 7-based access control system and the Oracle-based AODB database server of the use case scenario, respectively. In addition, model explainability is improved through feature importance using SHAP and correlation analysis using a heatmap technique. The key features for the model's decision making are exploitability_score, epss, and attack_complexity. Trustworthy AI practice is also ensured through bias mitigation techniques.

*** Title, author list and abstract as submitted during Camera-Ready version delivery. Small changes that may have occurred during processing by Springer may not appear in this window.