Towards Automatic Mapping of Vulnerabilities to Attack Patterns using Large Language Models

Siddhartha Shankar Das, Ashutosh Dutta, Sumit Purohit, Edoardo Serra, M. Halappanavar, A. Pothen
Published in: 2022 IEEE International Symposium on Technologies for Homeland Security (HST), 2022-11-14. DOI: 10.1109/HST56032.2022.10025459 (https://doi.org/10.1109/HST56032.2022.10025459)
Citations: 0

Abstract

The cyber-attack surface of an enterprise continuously evolves due to the advent of new devices and applications with inherent vulnerabilities, and the emergence of novel attack techniques that exploit these vulnerabilities. Therefore, security management tools must assess the cyber-risk of an enterprise at regular intervals by comprehensively identifying associations among attack techniques, weaknesses, and vulnerabilities. However, existing repositories providing such associations are incomplete (i.e., missing associations), which increases the likelihood of undermining the risk of a specific set of attack techniques with missing information. Further, such associations often rely on manual interpretations that are slow compared to the speed of attacks and are therefore ineffective in combating the ever-increasing list of vulnerabilities and attack actions. Developing methodologies to associate vulnerabilities with all relevant attack techniques automatically and accurately is therefore critically important. In this paper, we present a framework, Vulnerabilities and Weakness to Common Attack Pattern Mapping (VWC-MAP), that can automatically identify all relevant attack techniques of a vulnerability via weakness based on their text descriptions, applying natural language processing (NLP) techniques. VWC-MAP is enabled by a novel two-tiered classification approach, where the first tier classifies vulnerabilities to weaknesses, and the second tier classifies weaknesses to attack techniques. In this work, we improve the scalability of the current state-of-the-art tool to significantly speed up the mapping of vulnerabilities to weaknesses. We also present two novel automated approaches for mapping weaknesses to attack techniques by applying Text-to-Text and link prediction techniques. Our experimental results are cross-validated by cyber-security experts and demonstrate that VWC-MAP can associate vulnerabilities to weakness-types with up to 87% accuracy, and weaknesses to new attack patterns with up to 80% accuracy.