{"id":"https://openalex.org/W4413679449","doi":"https://doi.org/10.1109/csr64739.2025.11130010","title":"RuleXploit: A Framework for Generating Suricata Rules from Exploits Using Generative AI","display_name":"RuleXploit: A Framework for Generating Suricata Rules from Exploits Using Generative AI","publication_year":2025,"publication_date":"2025-08-04","ids":{"openalex":"https://openalex.org/W4413679449","doi":"https://doi.org/10.1109/csr64739.2025.11130010"},"language":"en","primary_location":{"id":"doi:10.1109/csr64739.2025.11130010","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csr64739.2025.11130010","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Conference on Cyber Security and Resilience (CSR)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5052217950","display_name":"Angelos Papoutsis","orcid":null},"institutions":[{"id":"https://openalex.org/I4210134249","display_name":"Centre for Research and Technology Hellas","ror":"https://ror.org/03bndpq63","country_code":"GR","type":"facility","lineage":["https://openalex.org/I4210134249"]},{"id":"https://openalex.org/I4210093649","display_name":"Information Technologies Institute","ror":"https://ror.org/0069akp70","country_code":"GR","type":"nonprofit","lineage":["https://openalex.org/I4210093649"]}],"countries":["GR"],"is_corresponding":true,"raw_author_name":"Angelos Papoutsis","raw_affiliation_strings":["Information Technologies Institute, CERTH,Thessaloniki,Greece"],"affiliations":[{"raw_affiliation_string":"Information Technologies Institute, CERTH,Thessaloniki,Greece","institution_ids":["https://openalex.org/I4210093649","https://openalex.org/I4210134249"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088420846","display_name":"Athanasios Dimitriadis","orcid":"https://orcid.org/0000-0003-2445-5977"},"institutions":[{"id":"https://openalex.org/I4210093649","display_name":"Information Technologies Institute","ror":"https://ror.org/0069akp70","country_code":"GR","type":"nonprofit","lineage":["https://openalex.org/I4210093649"]},{"id":"https://openalex.org/I4210134249","display_name":"Centre for Research and Technology Hellas","ror":"https://ror.org/03bndpq63","country_code":"GR","type":"facility","lineage":["https://openalex.org/I4210134249"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Athanasios Dimitriadis","raw_affiliation_strings":["Information Technologies Institute, CERTH,Thessaloniki,Greece"],"affiliations":[{"raw_affiliation_string":"Information Technologies Institute, CERTH,Thessaloniki,Greece","institution_ids":["https://openalex.org/I4210093649","https://openalex.org/I4210134249"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5007089704","display_name":"Ilias Koritsas","orcid":null},"institutions":[{"id":"https://openalex.org/I4210134249","display_name":"Centre for Research and Technology Hellas","ror":"https://ror.org/03bndpq63","country_code":"GR","type":"facility","lineage":["https://openalex.org/I4210134249"]},{"id":"https://openalex.org/I4210093649","display_name":"Information Technologies Institute","ror":"https://ror.org/0069akp70","country_code":"GR","type":"nonprofit","lineage":["https://openalex.org/I4210093649"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Ilias Koritsas","raw_affiliation_strings":["Information Technologies Institute, CERTH,Thessaloniki,Greece"],"affiliations":[{"raw_affiliation_string":"Information Technologies Institute, CERTH,Thessaloniki,Greece","institution_ids":["https://openalex.org/I4210093649","https://openalex.org/I4210134249"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5060430485","display_name":"Dimitrios Kavallieros","orcid":"https://orcid.org/0000-0002-2677-6347"},"institutions":[{"id":"https://openalex.org/I4210093649","display_name":"Information Technologies Institute","ror":"https://ror.org/0069akp70","country_code":"GR","type":"nonprofit","lineage":["https://openalex.org/I4210093649"]},{"id":"https://openalex.org/I4210134249","display_name":"Centre for Research and Technology Hellas","ror":"https://ror.org/03bndpq63","country_code":"GR","type":"facility","lineage":["https://openalex.org/I4210134249"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Dimitrios Kavallieros","raw_affiliation_strings":["Information Technologies Institute, CERTH,Thessaloniki,Greece"],"affiliations":[{"raw_affiliation_string":"Information Technologies Institute, CERTH,Thessaloniki,Greece","institution_ids":["https://openalex.org/I4210093649","https://openalex.org/I4210134249"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045426580","display_name":"Theodora Tsikrika","orcid":"https://orcid.org/0000-0003-4148-9028"},"institutions":[{"id":"https://openalex.org/I4210134249","display_name":"Centre for Research and Technology Hellas","ror":"https://ror.org/03bndpq63","country_code":"GR","type":"facility","lineage":["https://openalex.org/I4210134249"]},{"id":"https://openalex.org/I4210093649","display_name":"Information Technologies Institute","ror":"https://ror.org/0069akp70","country_code":"GR","type":"nonprofit","lineage":["https://openalex.org/I4210093649"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Theodora Tsikrika","raw_affiliation_strings":["Information Technologies Institute, CERTH,Thessaloniki,Greece"],"affiliations":[{"raw_affiliation_string":"Information Technologies Institute, CERTH,Thessaloniki,Greece","institution_ids":["https://openalex.org/I4210093649","https://openalex.org/I4210134249"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5065313479","display_name":"Stefanos Vrochidis","orcid":"https://orcid.org/0000-0002-2505-9178"},"institutions":[{"id":"https://openalex.org/I4210134249","display_name":"Centre for Research and Technology Hellas","ror":"https://ror.org/03bndpq63","country_code":"GR","type":"facility","lineage":["https://openalex.org/I4210134249"]},{"id":"https://openalex.org/I4210093649","display_name":"Information Technologies Institute","ror":"https://ror.org/0069akp70","country_code":"GR","type":"nonprofit","lineage":["https://openalex.org/I4210093649"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Stefanos Vrochidis","raw_affiliation_strings":["Information Technologies Institute, CERTH,Thessaloniki,Greece"],"affiliations":[{"raw_affiliation_string":"Information Technologies Institute, CERTH,Thessaloniki,Greece","institution_ids":["https://openalex.org/I4210093649","https://openalex.org/I4210134249"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5084122016","display_name":"Ioannis Kompatsiaris","orcid":"https://orcid.org/0000-0001-6447-9020"},"institutions":[{"id":"https://openalex.org/I4210134249","display_name":"Centre for Research and Technology Hellas","ror":"https://ror.org/03bndpq63","country_code":"GR","type":"facility","lineage":["https://openalex.org/I4210134249"]},{"id":"https://openalex.org/I4210093649","display_name":"Information Technologies Institute","ror":"https://ror.org/0069akp70","country_code":"GR","type":"nonprofit","lineage":["https://openalex.org/I4210093649"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Ioannis Kompatsiaris","raw_affiliation_strings":["Information Technologies Institute, CERTH,Thessaloniki,Greece"],"affiliations":[{"raw_affiliation_string":"Information Technologies Institute, CERTH,Thessaloniki,Greece","institution_ids":["https://openalex.org/I4210093649","https://openalex.org/I4210134249"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5052217950"],"corresponding_institution_ids":["https://openalex.org/I4210093649","https://openalex.org/I4210134249"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.37825696,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"267","last_page":"274"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9750999808311462,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9750999808311462,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9731000065803528,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9545000195503235,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.8403091430664062},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.762863039970398},{"id":"https://openalex.org/keywords/generative-grammar","display_name":"Generative grammar","score":0.7357571721076965},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5015964508056641}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.8403091430664062},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.762863039970398},{"id":"https://openalex.org/C39890363","wikidata":"https://www.wikidata.org/wiki/Q36108","display_name":"Generative grammar","level":2,"score":0.7357571721076965},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5015964508056641},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/csr64739.2025.11130010","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csr64739.2025.11130010","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Conference on Cyber Security and Resilience (CSR)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":13,"referenced_works":["https://openalex.org/W2953517361","https://openalex.org/W2958285686","https://openalex.org/W3080469893","https://openalex.org/W3136916314","https://openalex.org/W3167734038","https://openalex.org/W3216768217","https://openalex.org/W4205320075","https://openalex.org/W4214888769","https://openalex.org/W4392358084","https://openalex.org/W4392529044","https://openalex.org/W4393158884","https://openalex.org/W4400976574","https://openalex.org/W4401455075"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W17155033","https://openalex.org/W3207760230","https://openalex.org/W1496222301","https://openalex.org/W4312814274","https://openalex.org/W1590307681","https://openalex.org/W2536018345","https://openalex.org/W4285370786"],"abstract_inverted_index":{"Intrusion":[0],"Detection":[1],"Systems":[2],"(IDS)":[3],"are":[4,16],"essential":[5],"for":[6,78],"effective":[7],"cyber-defense.":[8],"Signature-based":[9],"IDS":[10,125],"operate":[11],"using":[12,63],"specific":[13],"rules":[14,46,62,77,105,126],"which":[15,38,60,72],"difficult":[17],"to":[18,21,44,123],"generate":[19,45,124],"due":[20],"the":[22,57,69,88,120,128,139],"evolving":[23],"cybersecurity":[24],"landscape.":[25],"To":[26],"this":[27,29],"end,":[28],"work":[30,118],"proposes":[31],"a":[32,132,135],"rule":[33],"generation":[34],"framework,":[35],"called":[36],"RuleXploit,":[37],"uses":[39],"Large":[40],"Language":[41],"Models":[42],"(LLMs)":[43],"from":[47,127],"exploits.":[48],"The":[49,82],"proposed":[50],"framework":[51,84],"is":[52,85],"composed":[53],"of":[54,111,131,142],"two":[55],"components:":[56],"RuleXploit":[58,70,83,99],"Generator,":[59],"produces":[61],"structured":[64],"prompts":[65],"and":[66,68,74,80,97,106],"examples,":[67],"Refinery,":[71],"validates":[73],"refines":[75],"these":[76],"accuracy":[79],"effectiveness.":[81],"demonstrated":[86],"via":[87],"GPT-4o":[89],"model,":[90],"configured":[91],"with":[92],"tailored":[93],"prompt":[94],"engineering":[95],"techniques":[96],"settings.":[98],"successfully":[100],"generated":[101],"100%":[102],"syntactically":[103],"valid":[104],"achieved":[107],"an":[108],"effectiveness":[109],"rate":[110],"76.67%":[112],"in":[113],"detecting":[114],"malicious":[115],"traffic.":[116],"This":[117],"presents":[119],"first":[121],"approach":[122],"exploit":[129],"code":[130],"vulnerability,":[133],"offering":[134],"novel":[136],"way":[137],"towards":[138],"successful":[140],"mitigation":[141],"cyber":[143],"attacks.":[144]},"counts_by_year":[],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}