Integrating knowledge graphs with retrieval-augmented generation to automate IoT device security compliance

The rapid growth of Internet of Things (IoT) devices has led to the development of data protection regulations, but existing cybersecurity standards like NISTIR 8259A pose challenges for efficient retrieval and contextualization due to their lengthy, non-machine-readable format. This study introduces a knowledge graph to represent key concepts of NISTIR 8259A, facilitating structured data representation and automated rule retrieval for IoT security compliance. We evaluate the knowledge graph's effectiveness using Retrieval-Augmented Generation (RAG) techniques and compare its performance to traditional methods, including its treatment as a vector database. Our findings indicate that integrating RAG with graph data significantly enhances query precision and retrieval efficiency. Using various large language models (LLMs) like LLAMA2, Mistral-7B, and GPT-3.5, we provide a comparative analysis focused on performance metrics. This research offers insights for optimizing LLM integration within knowledge graph systems, advancing cybersecurity information retrieval in IoT networks.