EnglishSvenskaNorsk
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Towards Threat Modeling with Large Language Models - Automating Domain-Specific Language Creation in Meta Attack Language (MAL)
Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.ORCID iD: 0000-0003-0478-9347
Number of Authors: 22025 (English)In: Conceptual Modeling: 44th International Conference, ER 2025, Poitiers, France, October 20–23, 2025, Proceedings / [ed] Dominik Bork; Roman Lukyanenko; Shazia Sadiq; Ladjel Bellatreche; Oscar Pasto, Springer , 2025, p. 146-164Conference paper, Published paper (Refereed)
Abstract [en]

Developing domain-specific Meta Attack Languages (MAL) is essential yet labor-intensive in cybersecurity threat modeling, demanding technical expertise to convert unstructured knowledge into formal models. This study presents MAL-LLM, a system that leverages Large Language Models (LLMs) to automate the generation of MAL languages from sources like technical documentation and incident reports. Using a Design Science Research approach, MAL-LLM produces syntactically correct and semantically rich MAL-Languages more efficiently than manual methods. It outperforms a baseline LLM and human-created models in speed and structural accuracy, with minimal errors. Qualitative evaluation via the ExPerT framework shows high recall and domain relevance, though precision varies with source complexity. The system also generates executable MAL-related files for integration into existing toolchains. This work shows that LLMs can reduce development time and improve model quality, though challenges like hallucination control and stylistic consistency remain.
Place, publisher, year, edition, pages
Springer , 2025. p. 146-164
Series
Lecture Notes in Computer Science (LNCS), ISSN 0302-9743, E-ISSN 1611-3349 ; 16189
National Category
Information Systems
Research subject
Computer and Systems Sciences
Identifiers
URN: urn:nbn:se:su:diva-248738DOI: 10.1007/978-3-032-08623-5_8Scopus ID: 2-s2.0-105020663036ISBN: 978-3-032-08623-5 (electronic)ISBN: 978-3-032-08622-8 (print)OAI: oai:DiVA.org:su-248738DiVA, id: diva2:2010363
Conference
44th International Conference, ER 2025, Poitiers, France, October 20–23, 2025.
Available from: 2025-10-30 Created: 2025-10-30 Last updated: 2025-11-18Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Hacks, Simon

Search in DiVA

By author/editor
Pathe, Thomas RicardoHacks, Simon
By organisation
Department of Computer and Systems Sciences
Information Systems

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 15 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
v. 2.47.0
|
WCAG
|
Stockholm University Library
|
DiVA portal
|
DiVA Contact
|
DiVA Log in