Graduate student Elijah Needham will be defending his thesis titled “Design and Implementation of an LLM-Based Framework for Automated CVE Characterization.”
Elijah Needham thesis defense
- Date: Thursday, April 30
- Time: 3:30-5 p.m.
- Location: BARC 1158
- Current major: M.S. of computer science
- Thesis committee chair: Dr. Ayesha S. Dina
- Committee members: Dr. Denis Ulybyshev, Dr. Arijet Sarker and Dr. Abdulaziz Alhamadani
Abstract
The National Vulnerability Database (NVD) is a public repository of software and hardware cybersecurity vulnerabilities maintained by the National Institute of Standards and Technology (NIST). As the number of reported common vulnerabilities and exposures (CVEs) continues to grow, automated vulnerability characterization has become increasingly important for risk assessment, mitigation planning, and incident response. However, manual characterization is costly and time-consuming, while many traditional machine learning (ML) approaches depend on large labeled datasets. In addition, official CVE descriptions are often brief and ambiguous, and they often lack critical technical context.
This thesis investigates the use of large language models (LLMs) to automate vulnerability characterization using the Vulnerability Description Ontology (VDO), which organizes vulnerabilities into 27 categories across five noun groups: Attack Theater, Context, Impact Method, Logical Impact, and Mitigation. In the first approach, we study an ontology-guided LLM framework that performs characterization directly from CVE descriptions using zero-shot and few-shot prompting. We then extend this approach with a knowledge-augmented agentic framework that enriches sparse CVE descriptions with external technical context before classification.
We evaluate both approaches using GPT-4o, Llama-3.1-405B, and Gemini on a benchmark VDO-labeled dataset and a newly constructed dataset of recent CVEs from 2024-2025. In Approach 1, the ontology-guided LLM framework demonstrates strong performance using only the original CVE descriptions, achieving F1-scores near or above 0.90 on the Impact Method and Attack Theater noun groups and 0.83 on Mitigation. In Approach 2, the knowledge-augmented agentic framework further improves characterization performance by enriching sparse CVE descriptions with external technical context, with GPT-4o exceeding 0.90 F1 on multiple noun groups and above 0.80 on most categories. These results show that while the initial framework is effective with limited labeled data, the knowledge-augmented approach provides stronger performance for sparse, ambiguous, and newly disclosed vulnerabilities.
For more information, please contact Elijah Needham.