{"id":"https://openalex.org/W7123350151","doi":"https://doi.org/10.1109/dsa66321.2025.00018","title":"From Manual to Automated Cyber Risk Assessment: LLM- and RAG-Driven Multi-Agent Threat Modeling with CORAS in Healthcare Case Studies","display_name":"From Manual to Automated Cyber Risk Assessment: LLM- and RAG-Driven Multi-Agent Threat Modeling with CORAS in Healthcare Case Studies","publication_year":2025,"publication_date":"2025-11-24","ids":{"openalex":"https://openalex.org/W7123350151","doi":"https://doi.org/10.1109/dsa66321.2025.00018"},"language":null,"primary_location":{"id":"doi:10.1109/dsa66321.2025.00018","is_oa":false,"landing_page_url":"https://doi.org/10.1109/dsa66321.2025.00018","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 12th International Conference on Dependable Systems and Their Applications (DSA)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5051734865","display_name":"Gencer Erdogan","orcid":"https://orcid.org/0000-0001-9407-5748"},"institutions":[{"id":"https://openalex.org/I173888879","display_name":"SINTEF","ror":"https://ror.org/01f677e56","country_code":"NO","type":"facility","lineage":["https://openalex.org/I173888879"]},{"id":"https://openalex.org/I4387930215","display_name":"SINTEF Digital","ror":"https://ror.org/028m52w57","country_code":null,"type":"facility","lineage":["https://openalex.org/I173888879","https://openalex.org/I4387930215"]}],"countries":["NO"],"is_corresponding":true,"raw_author_name":"Gencer Erdogan","raw_affiliation_strings":["Sustainable Communication Technologies, SINTEF Digital,Oslo,Norway"],"affiliations":[{"raw_affiliation_string":"Sustainable Communication Technologies, SINTEF Digital,Oslo,Norway","institution_ids":["https://openalex.org/I173888879","https://openalex.org/I4387930215"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5122853852","display_name":"Morgan Gillette","orcid":null},"institutions":[{"id":"https://openalex.org/I194210350","display_name":"\u00c9cole Nationale Sup\u00e9rieure d'Ing\u00e9nieurs de Caen","ror":"https://ror.org/01fpqqe90","country_code":"FR","type":"education","lineage":["https://openalex.org/I194210350","https://openalex.org/I4210105918"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Morgan Gillette","raw_affiliation_strings":["National Graduate School of Engineering and Research Center,Caen,France"],"affiliations":[{"raw_affiliation_string":"National Graduate School of Engineering and Research Center,Caen,France","institution_ids":["https://openalex.org/I194210350"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5061531148","display_name":"Simeon Tverdal","orcid":"https://orcid.org/0000-0003-1660-4127"},"institutions":[{"id":"https://openalex.org/I4387930215","display_name":"SINTEF Digital","ror":"https://ror.org/028m52w57","country_code":null,"type":"facility","lineage":["https://openalex.org/I173888879","https://openalex.org/I4387930215"]},{"id":"https://openalex.org/I173888879","display_name":"SINTEF","ror":"https://ror.org/01f677e56","country_code":"NO","type":"facility","lineage":["https://openalex.org/I173888879"]}],"countries":["NO"],"is_corresponding":false,"raw_author_name":"Simeon Tverdal","raw_affiliation_strings":["Sustainable Communication Technologies, SINTEF Digital,Oslo,Norway"],"affiliations":[{"raw_affiliation_string":"Sustainable Communication Technologies, SINTEF Digital,Oslo,Norway","institution_ids":["https://openalex.org/I173888879","https://openalex.org/I4387930215"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5037781335","display_name":"Ragnhild Halvorsrud","orcid":"https://orcid.org/0000-0002-3774-4287"},"institutions":[{"id":"https://openalex.org/I4387930215","display_name":"SINTEF Digital","ror":"https://ror.org/028m52w57","country_code":null,"type":"facility","lineage":["https://openalex.org/I173888879","https://openalex.org/I4387930215"]},{"id":"https://openalex.org/I173888879","display_name":"SINTEF","ror":"https://ror.org/01f677e56","country_code":"NO","type":"facility","lineage":["https://openalex.org/I173888879"]}],"countries":["NO"],"is_corresponding":false,"raw_author_name":"Ragnhild Halvorsrud","raw_affiliation_strings":["Sustainable Communication Technologies, SINTEF Digital,Oslo,Norway"],"affiliations":[{"raw_affiliation_string":"Sustainable Communication Technologies, SINTEF Digital,Oslo,Norway","institution_ids":["https://openalex.org/I173888879","https://openalex.org/I4387930215"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5051734865"],"corresponding_institution_ids":["https://openalex.org/I173888879","https://openalex.org/I4387930215"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.79585741,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"55","last_page":"64"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.6449000239372253,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.6449000239372253,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T13295","display_name":"Safety Systems Engineering in Autonomy","score":0.04769999906420708,"subfield":{"id":"https://openalex.org/subfields/2213","display_name":"Safety, Risk, Reliability and Quality"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.03840000182390213,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/usability","display_name":"Usability","score":0.6007999777793884},{"id":"https://openalex.org/keywords/health-care","display_name":"Health care","score":0.5062999725341797},{"id":"https://openalex.org/keywords/risk-assessment","display_name":"Risk assessment","score":0.46709999442100525},{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.4555000066757202},{"id":"https://openalex.org/keywords/resource","display_name":"Resource (disambiguation)","score":0.400299996137619},{"id":"https://openalex.org/keywords/orchestration","display_name":"Orchestration","score":0.3853999972343445},{"id":"https://openalex.org/keywords/risk-management","display_name":"Risk management","score":0.3752000033855438}],"concepts":[{"id":"https://openalex.org/C170130773","wikidata":"https://www.wikidata.org/wiki/Q216378","display_name":"Usability","level":2,"score":0.6007999777793884},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5878999829292297},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.5544000267982483},{"id":"https://openalex.org/C160735492","wikidata":"https://www.wikidata.org/wiki/Q31207","display_name":"Health care","level":2,"score":0.5062999725341797},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.47540000081062317},{"id":"https://openalex.org/C12174686","wikidata":"https://www.wikidata.org/wiki/Q1058438","display_name":"Risk assessment","level":2,"score":0.46709999442100525},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.4555000066757202},{"id":"https://openalex.org/C206345919","wikidata":"https://www.wikidata.org/wiki/Q20380951","display_name":"Resource (disambiguation)","level":2,"score":0.400299996137619},{"id":"https://openalex.org/C199168358","wikidata":"https://www.wikidata.org/wiki/Q3367000","display_name":"Orchestration","level":3,"score":0.3853999972343445},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.3752000033855438},{"id":"https://openalex.org/C123657996","wikidata":"https://www.wikidata.org/wiki/Q12271","display_name":"Architecture","level":2,"score":0.3538999855518341},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.33390000462532043},{"id":"https://openalex.org/C2780616401","wikidata":"https://www.wikidata.org/wiki/Q1133673","display_name":"Cornerstone","level":2,"score":0.32910001277923584},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.3246999979019165},{"id":"https://openalex.org/C180198813","wikidata":"https://www.wikidata.org/wiki/Q121182","display_name":"Information system","level":2,"score":0.3043000102043152},{"id":"https://openalex.org/C2779585090","wikidata":"https://www.wikidata.org/wiki/Q3457762","display_name":"Resilience (materials science)","level":2,"score":0.2906999886035919},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.2865000069141388},{"id":"https://openalex.org/C21338462","wikidata":"https://www.wikidata.org/wiki/Q1662581","display_name":"Information model","level":2,"score":0.27559998631477356},{"id":"https://openalex.org/C145642194","wikidata":"https://www.wikidata.org/wiki/Q870895","display_name":"Health informatics","level":3,"score":0.25859999656677246}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/dsa66321.2025.00018","is_oa":false,"landing_page_url":"https://doi.org/10.1109/dsa66321.2025.00018","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 12th International Conference on Dependable Systems and Their Applications (DSA)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G3465235468","display_name":null,"funder_award_id":"101094323","funder_id":"https://openalex.org/F4320309359","funder_display_name":"Elon University"}],"funders":[{"id":"https://openalex.org/F4320309359","display_name":"Elon University","ror":"https://ror.org/01szgyb91"},{"id":"https://openalex.org/F4358338572","display_name":"SINTEF Industri","ror":null}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Cyber":[0],"risk":[1,47,73,150],"assessment":[2,74],"is":[3],"a":[4],"cornerstone":[5],"of":[6,45,92],"cybersecurity":[7],"management,":[8],"yet":[9],"current":[10],"practices":[11],"remain":[12],"largely":[13],"manual,":[14],"static,":[15],"and":[16,38,49,78,80,86,95,100,103,115,129,137,139,154],"resource":[17],"intensive.":[18],"This":[19],"paper":[20],"presents":[21],"the":[22,43,90,93,123,141],"CORAS":[23],"Threat":[24],"Modeler,":[25],"an":[26,106],"open-source":[27],"tool":[28,58,94,124],"that":[29,122],"leverages":[30],"large":[31],"language":[32],"models":[33,51],"(LLMs),":[34],"retrieval-augmented":[35],"generation":[36,44],"(RAG),":[37],"multi-agent":[39],"orchestration":[40],"to":[41,159],"automate":[42],"structured":[46],"information":[48],"threat":[50,68,131],"directly":[52],"from":[53],"natural-language":[54],"system":[55],"descriptions.":[56],"The":[57],"was":[59],"developed":[60],"with":[61,98],"three":[62,109],"success":[63],"criteria":[64],"in":[65],"mind:":[66],"automating":[67],"model":[69],"creation,":[70],"enabling":[71],"dynamic":[72],"through":[75],"context-aware":[76],"retrieval":[77],"generation,":[79],"supporting":[81],"accessibility":[82],"for":[83,144,148],"both":[84],"experts":[85],"non-experts.":[87,145],"We":[88],"present":[89],"architecture":[91],"its":[96,162],"integration":[97],"CAPEC":[99],"CWE":[101],"repositories,":[102],"report":[104],"on":[105],"evaluation":[107],"across":[108],"healthcare":[110],"case":[111],"studies:":[112],"one":[113],"hospital":[114],"two":[116],"medical":[117],"device":[118],"manufacturers.":[119],"Results":[120],"show":[121],"successfully":[125],"produced":[126],"syntactically":[127],"correct":[128],"interpretable":[130],"models,":[132],"generated":[133],"contextually":[134],"relevant":[135],"risks":[136],"mitigations,":[138],"lowered":[140],"entry":[142],"barrier":[143],"However,":[146],"improvements":[147],"broader":[149],"coverage,":[151],"treatment":[152],"flexibility,":[153],"enhanced":[155],"usability":[156],"are":[157],"needed":[158],"fully":[160],"realize":[161],"potential.":[163]},"counts_by_year":[],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2026-01-14T00:00:00"}