2025 IEEE International Conference on Intelligence and Security Informatics (ISI)

Integrating Knowledge Graphs with Retrieval-Augmented Generation to Automate IoT Device Security Compliance

, , and

As IoT device adoption grows, ensuring cybersecurity compliance with IoT standards, like National Institute of Standards and Technology Interagency (NISTIR) 8259A, has become increasingly complex. These standards are typically presented in lengthy, text-based formats that are difficult to process and query automatically. We built a knowledge graph to address this challenge to represent the key concepts, relationships, and references within NISTIR 8259A. We further integrate this knowledge graph with Retrieval-Augmented Generation (RAG) techniques that can be used by large language models (LLMs) to enhance the accuracy and contextual relevance of information retrieval. Additionally, we evaluate the performance of RAG using both graph-based queries and vector database embeddings. Our framework, implemented in Neo4j, was tested using multiple LLMs, including LLAMA2, Mistral-7B, and GPT-4. Our findings show that combining knowledge graphs with RAG significantly improves query precision and contextual relevance compared to unstructured vector-based retrieval methods. While traditional rule-based compliance tools were not evaluated in this study, our results demonstrate the advantages of structured, graph driven querying for security standards like NISTIR 8259A.


  • 403195 bytes

cybersecurity compliance, iot security, knowledge graph, langchain, large language models (llms), neo4j, retrieval-augmented generation (rag), vector database

InProceedings

IEEE

IEEE

Downloads: 308 downloads

UMBC ebiquity