{"id":"https://openalex.org/W7127101820","doi":"https://doi.org/10.1109/access.2026.3659205","title":"ChatNVD: Advancing Cybersecurity Vulnerability Assessment With Large Language Models","display_name":"ChatNVD: Advancing Cybersecurity Vulnerability Assessment With Large Language Models","publication_year":2026,"publication_date":"2026-01-01","ids":{"openalex":"https://openalex.org/W7127101820","doi":"https://doi.org/10.1109/access.2026.3659205"},"language":"en","primary_location":{"id":"doi:10.1109/access.2026.3659205","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2026.3659205","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1109/access.2026.3659205","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Shivansh Chopra","orcid":"https://orcid.org/0009-0003-4001-5610"},"institutions":[{"id":"https://openalex.org/I5681781","display_name":"The University of Adelaide","ror":"https://ror.org/00892tw58","country_code":"AU","type":"education","lineage":["https://openalex.org/I5681781"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"Shivansh Chopra","raw_affiliation_strings":["The University of Adelaide, Adelaide, SA, Australia"],"raw_orcid":"https://orcid.org/0009-0003-4001-5610","affiliations":[{"raw_affiliation_string":"The University of Adelaide, Adelaide, SA, Australia","institution_ids":["https://openalex.org/I5681781"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5124750389","display_name":"Hussain Ahmad","orcid":null},"institutions":[{"id":"https://openalex.org/I5681781","display_name":"The University of Adelaide","ror":"https://ror.org/00892tw58","country_code":"AU","type":"education","lineage":["https://openalex.org/I5681781"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Hussain Ahmad","raw_affiliation_strings":["The University of Adelaide, Adelaide, SA, Australia"],"raw_orcid":"https://orcid.org/0000-0001-8815-7587","affiliations":[{"raw_affiliation_string":"The University of Adelaide, Adelaide, SA, Australia","institution_ids":["https://openalex.org/I5681781"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5084412291","display_name":"Diksha Goel","orcid":"https://orcid.org/0000-0001-8212-8793"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Diksha Goel","raw_affiliation_strings":["CSIRO&#x2019;s Data61, Melbourne, VIC, Australia"],"raw_orcid":"https://orcid.org/0000-0001-8212-8793","affiliations":[{"raw_affiliation_string":"CSIRO&#x2019;s Data61, Melbourne, VIC, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5016821538","display_name":"Claudia Szabo","orcid":"https://orcid.org/0000-0003-2501-1155"},"institutions":[{"id":"https://openalex.org/I5681781","display_name":"The University of Adelaide","ror":"https://ror.org/00892tw58","country_code":"AU","type":"education","lineage":["https://openalex.org/I5681781"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Claudia Szabo","raw_affiliation_strings":["The University of Adelaide, Adelaide, SA, Australia"],"raw_orcid":"https://orcid.org/0000-0003-2501-1155","affiliations":[{"raw_affiliation_string":"The University of Adelaide, Adelaide, SA, Australia","institution_ids":["https://openalex.org/I5681781"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I5681781"],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":0.0,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.13557212,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":"14","issue":null,"first_page":"18595","last_page":"18610"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.5835999846458435,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.5835999846458435,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.07930000126361847,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.04899999871850014,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.7592999935150146},{"id":"https://openalex.org/keywords/sophistication","display_name":"Sophistication","score":0.733299970626831},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.6542999744415283},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.6468999981880188},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.5892999768257141},{"id":"https://openalex.org/keywords/workflow","display_name":"Workflow","score":0.5600000023841858},{"id":"https://openalex.org/keywords/limiting","display_name":"Limiting","score":0.49540001153945923},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4154999852180481}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7930999994277954},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.7592999935150146},{"id":"https://openalex.org/C168725872","wikidata":"https://www.wikidata.org/wiki/Q991663","display_name":"Sophistication","level":2,"score":0.733299970626831},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.6542999744415283},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6478999853134155},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.6468999981880188},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.5892999768257141},{"id":"https://openalex.org/C177212765","wikidata":"https://www.wikidata.org/wiki/Q627335","display_name":"Workflow","level":2,"score":0.5600000023841858},{"id":"https://openalex.org/C188198153","wikidata":"https://www.wikidata.org/wiki/Q1613840","display_name":"Limiting","level":2,"score":0.49540001153945923},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4154999852180481},{"id":"https://openalex.org/C12174686","wikidata":"https://www.wikidata.org/wiki/Q1058438","display_name":"Risk assessment","level":2,"score":0.41499999165534973},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.4036000072956085},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.361299991607666},{"id":"https://openalex.org/C137293760","wikidata":"https://www.wikidata.org/wiki/Q3621696","display_name":"Language model","level":2,"score":0.329800009727478},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.3296000063419342},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3273000121116638},{"id":"https://openalex.org/C184356942","wikidata":"https://www.wikidata.org/wiki/Q830382","display_name":"Best practice","level":2,"score":0.3156000077724457},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.28279998898506165},{"id":"https://openalex.org/C179603123","wikidata":"https://www.wikidata.org/wiki/Q1941921","display_name":"Modeling language","level":3,"score":0.27480000257492065},{"id":"https://openalex.org/C145804949","wikidata":"https://www.wikidata.org/wiki/Q478123","display_name":"Situation awareness","level":2,"score":0.27379998564720154},{"id":"https://openalex.org/C160713754","wikidata":"https://www.wikidata.org/wiki/Q1389965","display_name":"Maintainability","level":2,"score":0.2703999876976013},{"id":"https://openalex.org/C67186912","wikidata":"https://www.wikidata.org/wiki/Q367664","display_name":"Data modeling","level":2,"score":0.2669999897480011},{"id":"https://openalex.org/C117447612","wikidata":"https://www.wikidata.org/wiki/Q1412670","display_name":"Software quality","level":4,"score":0.26600000262260437},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.2587999999523163},{"id":"https://openalex.org/C29852176","wikidata":"https://www.wikidata.org/wiki/Q373338","display_name":"Critical infrastructure","level":2,"score":0.2524000108242035}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/access.2026.3659205","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2026.3659205","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:5d1248937c81423d8351547c28a5dc84","is_oa":false,"landing_page_url":"https://doaj.org/article/5d1248937c81423d8351547c28a5dc84","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 14, Pp 18595-18610 (2026)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2026.3659205","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2026.3659205","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.831792414188385,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":36,"referenced_works":["https://openalex.org/W2027707376","https://openalex.org/W2150874198","https://openalex.org/W2246727060","https://openalex.org/W2911656621","https://openalex.org/W2946870453","https://openalex.org/W3201174429","https://openalex.org/W3205597845","https://openalex.org/W4205711848","https://openalex.org/W4309674289","https://openalex.org/W4312690534","https://openalex.org/W4319079731","https://openalex.org/W4361014898","https://openalex.org/W4372266846","https://openalex.org/W4382567310","https://openalex.org/W4385245566","https://openalex.org/W4385632485","https://openalex.org/W4385734098","https://openalex.org/W4386253646","https://openalex.org/W4386420783","https://openalex.org/W4386753580","https://openalex.org/W4388971978","https://openalex.org/W4391043254","https://openalex.org/W4391136507","https://openalex.org/W4391855109","https://openalex.org/W4391876619","https://openalex.org/W4392849751","https://openalex.org/W4393883107","https://openalex.org/W4394791261","https://openalex.org/W4400893073","https://openalex.org/W4401044042","https://openalex.org/W4401734604","https://openalex.org/W4402218089","https://openalex.org/W4403447112","https://openalex.org/W4408864216","https://openalex.org/W4415482493","https://openalex.org/W4415798574"],"related_works":[],"abstract_inverted_index":{"The":[0],"increasing":[1,37],"frequency":[2],"and":[3,16,29,36,84,108,130,147],"sophistication":[4],"of":[5,40,68,75,97,138],"cybersecurity":[6,151],"vulnerabilities":[7],"in":[8,150],"software":[9],"systems":[10],"underscores":[11],"the":[12,38,59,66,119,136],"need":[13],"for":[14,34,143],"robust":[15],"reliable":[17],"vulnerability":[18,69,145],"assessment":[19],"methods.":[20],"However,":[21],"existing":[22],"approaches":[23],"often":[24],"rely":[25],"on":[26],"highly":[27],"technical":[28],"abstract":[30],"frameworks,":[31],"limiting":[32],"accessibility":[33,67],"practitioners":[35],"risk":[39],"exploitation.":[41],"In":[42],"this":[43],"paper,":[44],"we":[45,93],"introduce":[46],"ChatNVD,":[47],"a":[48,95],"support":[49],"tool":[50],"powered":[51],"by":[52],"Large":[53],"Language":[54],"Models":[55],"(LLMs)":[56],"that":[57,114],"leverages":[58],"National":[60],"Vulnerability":[61],"Database":[62],"(NVD)":[63],"to":[64],"enhance":[65],"information.":[70],"We":[71],"develop":[72],"three":[73],"variants":[74],"ChatNVD":[76],"using":[77],"GPT-4o":[78,115],"Mini":[79,116],"(OpenAI),":[80],"LLaMA":[81],"3":[82],"(Meta),":[83],"Gemini":[85],"1.5":[86],"Pro":[87],"(Google).":[88],"To":[89],"evaluate":[90],"their":[91],"performance,":[92],"design":[94],"benchmark":[96],"structured":[98],"queries":[99],"derived":[100],"from":[101],"real":[102],"CVE":[103],"records,":[104],"covering":[105],"temporal,":[106],"descriptive,":[107],"metric-based":[109],"attributes.":[110],"Our":[111],"results":[112],"show":[113],"consistently":[117],"outperforms":[118],"other":[120],"models,":[121],"achieving":[122],"over":[123],"92%":[124],"exact-match":[125],"accuracy":[126],"with":[127],"lower":[128],"hallucination":[129],"error":[131],"rates.":[132],"These":[133],"findings":[134],"demonstrate":[135],"potential":[137],"lightweight,":[139],"retrieval-augmented":[140],"LLM":[141],"workflows":[142],"supporting":[144],"management":[146],"operational":[148],"decision-making":[149],"contexts.":[152]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2026-05-10T08:33:47.465468","created_date":"2026-02-03T00:00:00"}