Theses and Dissertations
Issuing Body
Mississippi State University
Advisor
Mittal, Sudip
Committee Member
Trawick, George
Committee Member
Young, Maxwell
Date of Degree
8-7-2025
Original embargo terms
Visible MSU Only 1 year
Document Type
Graduate Thesis - Campus Access Only
Major
Computer Science and Engineering
Degree Name
Master of Science (M.S.)
College
James Worth Bagley College of Engineering
Department
Department of Computer Science and Engineering
Abstract
Signature-based Intrusion Detection Systems (IDS) detect malicious activity by matching network or host events against predefined rules. These rules are derived from Cyber Threat Intelligence (CTI), which comprises attack signatures and behavioral patterns obtained through automated tools and manual threat analysis such as sandboxing. The CTI is then translated into actionable rules for the IDS engine, enabling real-time detection and prevention of threats. The constant evolution of cyber threats necessitates frequent rule updates, which delay deployment and weaken overall security readiness. Recent advances in autonomous agentic systems powered by Large Language Models (LLMs) offer the potential for automatic IDS rule generation with internal evaluation. This research explores the feasibility of automatically generating deployable IDS rules from CTI and highlights the role such automation can play in real-time intrusion detection. It introduces GRAID (Autonomous Intrusion Detection Rule Generation), an agentic framework that generates IDS rules in real time from CTI and evaluates them with built-in syntax validators. To demonstrate GRAID's versatility, the work targets both network-based (Snort) and host-based (YARA) rule generation and constructs a dataset of generated rules paired with their source CTI.
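The pipeline the abstract describes (CTI text in, a Snort rule and a YARA rule out, each checked by a built-in syntax validator before it is considered deployable) is shown below as an added illustration. It is not GRAID's code and is not from the thesis: regex indicator extraction stands in for the LLM agent, the CTI excerpt, the IP address, the port and the strings are constructed, and the validators are structural checks that catch the errors an LLM typically emits (missing sid, an option without its terminating semicolon, a condition that references an undefined string), not the real Snort or YARA parsers.

```python
"""CTI text -> Snort and YARA rules, each checked by a small built-in syntax validator.
Added example for this page, not GRAID code. No LLM is involved: regex extraction stands in
for the agent, and the validators are structural checks, not the real Snort/YARA parsers."""
import re

# Constructed CTI excerpt (documentation-range IP, invented strings; not from the thesis).
CTI_REPORT = r"""
The loader beacons to its C2 at 203.0.113.45 over TCP port 8443 using the
URI /gate.php. The dropped payload contains the mutex "Global\ldr_v2" and
the PDB path C:\build\loader\Release\loader.pdb.
"""

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
PORT_RE = re.compile(r"\bport (\d{1,5})\b")
URI_RE = re.compile(r"\bURI (/\S+?)[.,]?\s")
QUOTED_RE = re.compile(r'"([^"]+)"')
PDB_RE = re.compile(r"\b([A-Za-z]:\\\S+\.pdb)\b")
SNORT_HDR = re.compile(
    r"^(?P<action>alert|log|pass|drop|reject|sdrop)\s+(?P<proto>tcp|udp|icmp|ip)\s+"
    r"\S+\s+\S+\s+(->|<>)\s+\S+\s+\S+\s+\((?P<opts>.*)\)$", re.S)
YARA_RULE = re.compile(
    r"^\s*(?:(?:private|global)\s+)*rule\s+[A-Za-z_]\w*\s*(?::[\w\s]+)?\{(?P<body>.*)\}\s*$", re.S)


def extract_indicators(report: str) -> dict:
    """Pull the indicators an analyst would turn into rules (stand-in for the LLM agent)."""
    return {"ip": IP_RE.search(report).group(0),
            "port": int(PORT_RE.search(report).group(1)),
            "uri": URI_RE.search(report).group(1),
            "strings": QUOTED_RE.findall(report) + PDB_RE.findall(report)}


def escape_snort(s: str) -> str:
    return re.sub(r'([;"|\\])', r"\\\1", s)   # ; " | \ are special in a Snort content: string


def escape_yara(s: str) -> str:
    return s.replace("\\", "\\\\").replace('"', '\\"')


def snort_rule(ind: dict, sid: int) -> str:
    return (f'alert tcp $HOME_NET any -> {ind["ip"]} {ind["port"]} '
            f'(msg:"Loader C2 beacon to {ind["ip"]}"; flow:to_server,established; '
            f'content:"{escape_snort(ind["uri"])}"; nocase; sid:{sid}; rev:1;)')


def yara_rule(ind: dict, name: str) -> str:
    lines = [f"rule {name}", "{", "    strings:"]
    for i, s in enumerate(ind["strings"]):
        lines.append(f'        $s{i} = "{escape_yara(s)}" ascii wide')
    lines += ["    condition:", "        uint16(0) == 0x5A4D and all of them", "}"]
    return "\n".join(lines)


def split_options(body: str):
    """Split a Snort option block on ';' outside quotes; return (options, unterminated tail)."""
    opts, buf, in_q, esc = [], [], False, False
    for ch in body:
        if esc:
            buf.append(ch); esc = False
        elif ch == "\\":
            buf.append(ch); esc = True
        elif ch == ";" and not in_q:
            opts.append("".join(buf).strip()); buf = []
        else:
            in_q ^= (ch == '"')
            buf.append(ch)
    return opts, "".join(buf).strip()


def validate_snort(rule: str) -> list:
    """Structural check of one Snort rule; returns a list of error strings (empty = passes)."""
    m = SNORT_HDR.match(rule.strip())
    if not m:
        return ["header is not '<action> <proto> <src> <sport> <dir> <dst> <dport> ( ... )'"]
    opts, tail = split_options(m.group("opts"))
    errors = [f"option not terminated by ';': {tail!r}"] if tail else []
    names = {}
    for o in opts:
        name, _, value = o.partition(":")
        if not re.fullmatch(r"[a-z_]+", name.strip()):
            errors.append(f"malformed option {o!r}")
        names[name.strip()] = value.strip()
    errors += [f"missing required option '{k}'" for k in ("msg", "sid") if k not in names]
    if "sid" in names and not names["sid"].isdigit():
        errors.append("sid must be an integer")
    return errors


def validate_yara(rule: str) -> list:
    """Structural check of one YARA rule: shape, braces, sections, string references."""
    m = YARA_RULE.match(rule)
    if not m:
        return ["rule is not 'rule <identifier> { ... }'"]
    body = m.group("body")
    errors = ["unbalanced braces"] if body.count("{") != body.count("}") else []
    if "condition:" not in body:
        return errors + ["missing 'condition:' section"]
    strings_part, cond = body.split("condition:", 1)
    defined = set(re.findall(r"^\s*(\$\w*)\s*=", strings_part, re.M))
    if defined and "strings:" not in strings_part:
        errors.append("strings defined without a 'strings:' section")
    errors += [f"condition references undefined string {s}"
               for s in sorted(set(re.findall(r"\$\w+", cond)) - defined)]
    if defined and not re.search(r"\$\w+|\bof\s+(them|\()", cond):
        errors.append("defined strings are never used in the condition")
    return errors


def generate_and_check(report: str) -> dict:
    """The generate-then-validate loop in miniature: extract, emit both rule types, validate."""
    ind = extract_indicators(report)
    snort, yara = snort_rule(ind, sid=1000001), yara_rule(ind, "Loader_Artifacts")
    return {"snort": snort, "snort_errors": validate_snort(snort),
            "yara": yara, "yara_errors": validate_yara(yara)}


if __name__ == "__main__":
    out = generate_and_check(CTI_REPORT)
    print(out["snort"]); print(out["yara"])
    print("snort:", out["snort_errors"] or "ok", "| yara:", out["yara_errors"] or "ok")
    # The kind of rule an LLM might emit: no sid, and the last option lacks its ';'
    print(validate_snort('alert tcp any any -> any 80 (msg:"x"; content:"y")'))
```

In a real agent loop the error list is what gets fed back to the model for a retry; the point of the validators is that a rule which fails them never reaches the sensor. Note that passing these checks says nothing about detection quality: a syntactically valid rule can still be too broad (matching benign traffic) or too narrow (keyed to one sample), which is why the thesis pairs generated rules with their source CTI for evaluation rather than stopping at syntax.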
Recommended Citation
Bazarov, Azim, "Autonomous generation of IDS rules from threat intelligence" (2025). Theses and Dissertations. 6617.
https://scholarsjunction.msstate.edu/td/6617