Integrating Knowledge Graphs with Retrieval-Augmented Generation to Automate IoT Device Security Compliance

Files

Integrating_Knowledge_Graphs_with_Retrieval-Augmented_Generation_to_Automate_IoT_Device_Security_Compliance.pdf (523.28 KB)

Links to Files

https://ieeexplore.ieee.org/document/11201135

Permanent Link

https://doi.org/10.1109/ISI65680.2025.11201135

Collections

UMBC Information Systems Department
UMBC Computer Science and Electrical Engineering Department
UMBC Faculty Collection
UMBC Student Collection

Author/Creator

Author/Creator ORCID

https://orcid.org/0000-0002-6354-1686
 https://orcid.org/0000-0001-8024-6980

Date

2025-10-21

Type of Work

conference papers and proceedings
preprints
Text

Department

Program

Citation of Original Publication

Islam, Mohammad M., Lavanya Elluri, and Karuna Pande Joshi. “Integrating Knowledge Graphs with Retrieval-Augmented Generation to Automate IoT Device Security Compliance.” 2025 IEEE International Conference on Intelligence and Security Informatics (ISI), July 2025, 52–57. https://doi.org/10.1109/ISI65680.2025.11201135

Rights

© 2025 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Subjects

UMBC Ebiquity Research Group
UMBC Knowledge, Analytics, Cognitive and Cloud Computing (KnACC) lab
UMBC Cybersecurity Institute

Abstract

As IoT device adoption grows, ensuring cybersecurity compliance with IoT standards, like National Institute of Standards and Technology Interagency (NISTIR) 8259A, has become increasingly complex. These standards are typically presented in lengthy, text-based formats that are difficult to process and query automatically. We built a knowledge graph to address this challenge to represent the key concepts, relationships, and references within NISTIR 8259A. We further integrate this knowledge graph with RetrievalAugmented Generation (RAG) techniques that can be used by large language models (LLMs) to enhance the accuracy and contextual relevance of information retrieval. Additionally, we evaluate the performance of RAG using both graph-based queries and vector database embeddings. Our framework, implemented in Neo4j, was tested using multiple LLMs, including LLAMA2, Mistral-7B, and GPT-4. Our findings show that combining knowledge graphs with RAG significantly improves query precision and contextual relevance compared to unstructured vector-based retrieval methods. While traditional rule-based compliance tools were not evaluated in this study, our results demonstrate the advantages of structured, graphdriven querying for security standards like NISTIR 8259A.