CVE2ATT&amp;CK: BERT-Based Mapping of CVEs to MITRE ATT&amp;CK Techniques

Grigorescu, Octavian; Nica, Andreea; Dascălu, Mihai; Rughiniș, Răzvan

doi:10.3390/a15090314

Cited by 25 publications

(19 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We then created and deployed a small test network of 15 hosts using containerization and custom bash scripts to generate traffic (The source code for our attack scenario is located here: https://github.com/artemis19/riverside_ scenario.). Using these scripts, we simulated a realistic attack on the network, loosely modeled after the tactics, techniques, and procedures (TTPs) outlined in the MITRE ATT&CK framework 86 as seen in Table 6. This ensured accurate attack timing across all participant sessions to establish a consistent baseline for every participant trial.…”

Section: Methodsmentioning

confidence: 99%

Riverside: A design study on visualization for situation awareness in cybersecurity

DeValk,

Elmqvist

2023

Information Visualization

View full text Add to dashboard Cite

Real-time situation awareness is a key challenge of cybersecurity defense. Visual analytics has been utilized for this purpose, but existing tools tend to require detailed knowledge about the network, which can be challenging in large-scale, production networks. We conducted an interview study involving 24 security professionals to gather requirements for the design, development, and evaluation of visualization to aid situation awareness in cybersecurity. Using these findings, we designed a visualization tool – called RIVERSIDE – for providing a real-time view of the dynamically changing computer network to support situation awareness. We evaluated Riverside in a user study involving 10 participants. Participants were placed in an incident response scenario that tasked them to identify malicious activity on a network. 20% of the users identified all attack component, while an additional 40% only missed one component.

show abstract

Section: Methodsmentioning

confidence: 99%

Riverside: A design study on visualization for situation awareness in cybersecurity

DeValk,

Elmqvist

2023

Information Visualization

View full text Add to dashboard Cite

show abstract

“…Not only do we want to recognize and block attacks as they occur-we also need to observe external data and the overall network context to predict relevant events and new attack patterns, addressing the so-called threat intelligence landscape. In [9], the authors used two well-known threat databases (CVE and MITRE) and proposed a technique to link and correlate these two sources. The tenth paper [10] used formal ontologies to monitor new threats and identify the corresponding risks in an automated way.…”

Section: Threat Intelligence [910]mentioning

confidence: 99%

“…This Special Issue presents ten papers [1][2][3][4][5][6][7][8][9][10] that can be grouped under five main topics.…”

Section: Introductionmentioning

confidence: 99%

Special Issue “AI for Cybersecurity: Robust Models for Authentication, Threat and Anomaly Detection”

Bergadano

Giacinto

2023

Algorithms

View full text Add to dashboard Cite

show abstract

“…However, it may also involve data preprocessing and fine-tuning steps specific to the CVE and ATT&CK techniques domain. It may also require computational resources and expertise in deep learning Grigorescu et al (2022).…”

mentioning

confidence: 99%

Mapping Vulnerability Description to MITRE ATT&CK Framework by LLM

Rafiey,

Namadchian

2024

Preprint

View full text Add to dashboard Cite

As the number and complexity of cybersecurity threats continue to increase, security professionals must augment their knowledge by utilizing resources that provide insights into the attack patterns and techniques employed by attackers. This understanding allows them to better comprehend the potential impact of a vulnerability and prioritize the development of effective mitigation strategies within their organizations. Given the frequent generation of CVEs and the impossibility of manually mapping them to MITRE ATT&CK techniques, relying on automation methods such as BERT, a language model requiring training and fine-tuning becomes both expensive and time-consuming. To address this issue, our paper proposes a cost-effective approach using a general-purpose chatbot like GPT-3 to perform CVE to ATT&CK mapping, which yields similar results with lower costs and greater expandability.

show abstract

CVE2ATT&CK: BERT-Based Mapping of CVEs to MITRE ATT&CK Techniques

Cited by 25 publications

References 21 publications

Riverside: A design study on visualization for situation awareness in cybersecurity

Riverside: A design study on visualization for situation awareness in cybersecurity

Special Issue “AI for Cybersecurity: Robust Models for Authentication, Threat and Anomaly Detection”

Mapping Vulnerability Description to MITRE ATT&CK Framework by LLM

Contact Info

Product

Resources

About

CVE2ATT&CK: BERT-Based Mapping of CVEs to MITRE ATT&CK Techniques

Cited by 25 publications

References 21 publications

Riverside: A design study on visualization for situation awareness in cybersecurity

Riverside: A design study on visualization for situation awareness in cybersecurity

Special Issue “AI for Cybersecurity: Robust Models for Authentication, Threat and Anomaly Detection”

Mapping Vulnerability Description to MITRE ATT&amp;CK Framework by LLM

Contact Info

Product

Resources

About

Mapping Vulnerability Description to MITRE ATT&CK Framework by LLM