TY - GEN
T1 - Towards Automatic Mapping of Vulnerabilities to Attack Patterns using Large Language Models
AU - Das, Siddhartha Shankar
AU - Dutta, Ashutosh
AU - Purohit, Sumit
AU - Serra, Edoardo
AU - Halappanavar, Mahantesh
AU - Pothen, Alex
N1 - Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - The cyber-attack surface of an enterprise continuously evolves due to the advent of new devices and applications with inherent vulnerabilities, and the emergence of novel attack techniques that exploit these vulnerabilities. Therefore, security management tools must assess the cyber-risk of an enterprise at regular intervals by comprehensively identifying associations among attack techniques, weaknesses, and vulnerabilities. However, existing repositories providing such associations are incomplete (i.e., missing associations), which increases the likelihood of undermining the risk of a specific set of attack techniques with missing information. Further, such associations often rely on manual interpretations that are slow compared to the speed of attacks, and therefore, ineffective in combating the ever-increasing list of vulnerabilities and attack actions. Therefore, developing methodologies to associate vulnerabilities to all relevant attack techniques automatically and accurately is critically important. In this paper, we present a framework, Vulnerabilities and Weakness to Common Attack Pattern Mapping (VWC-MAP), that can automatically identify all relevant attack techniques of a vulnerability via weakness based on their text descriptions, applying natural language processing (NLP) techniques. VWC-MAP is enabled by a novel two-tiered classification approach, where the first tier classifies vulnerabilities to weakness, and the second tier classifies weakness to attack techniques. In this work, we improve the scalability of the current state-of-the-art tool to significantly speed up the mapping of vulnerabilities to weaknesses. We also present two novel automated approaches for mapping weakness to attack techniques by applying Text-to-Text and link prediction techniques.
Our experimental results are cross-validated by cyber-security experts and demonstrate that VWC-MAP can associate vulnerabilities to weakness-types with up to 87% accuracy, and weaknesses to new attack patterns with up to 80% accuracy.
AB - The cyber-attack surface of an enterprise continuously evolves due to the advent of new devices and applications with inherent vulnerabilities, and the emergence of novel attack techniques that exploit these vulnerabilities. Therefore, security management tools must assess the cyber-risk of an enterprise at regular intervals by comprehensively identifying associations among attack techniques, weaknesses, and vulnerabilities. However, existing repositories providing such associations are incomplete (i.e., missing associations), which increases the likelihood of undermining the risk of a specific set of attack techniques with missing information. Further, such associations often rely on manual interpretations that are slow compared to the speed of attacks, and therefore, ineffective in combating the ever-increasing list of vulnerabilities and attack actions. Therefore, developing methodologies to associate vulnerabilities to all relevant attack techniques automatically and accurately is critically important. In this paper, we present a framework, Vulnerabilities and Weakness to Common Attack Pattern Mapping (VWC-MAP), that can automatically identify all relevant attack techniques of a vulnerability via weakness based on their text descriptions, applying natural language processing (NLP) techniques. VWC-MAP is enabled by a novel two-tiered classification approach, where the first tier classifies vulnerabilities to weakness, and the second tier classifies weakness to attack techniques. In this work, we improve the scalability of the current state-of-the-art tool to significantly speed up the mapping of vulnerabilities to weaknesses. We also present two novel automated approaches for mapping weakness to attack techniques by applying Text-to-Text and link prediction techniques.
Our experimental results are cross-validated by cyber-security experts and demonstrate that VWC-MAP can associate vulnerabilities to weakness-types with up to 87% accuracy, and weaknesses to new attack patterns with up to 80% accuracy.
UR - http://www.scopus.com/inward/record.url?scp=85148456212&partnerID=8YFLogxK
U2 - 10.1109/HST56032.2022.10025459
DO - 10.1109/HST56032.2022.10025459
M3 - Conference contribution
AN - SCOPUS:85148456212
T3 - 2022 IEEE International Symposium on Technologies for Homeland Security, HST 2022
BT - 2022 IEEE International Symposium on Technologies for Homeland Security, HST 2022
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2022 IEEE International Symposium on Technologies for Homeland Security, HST 2022
Y2 - 14 November 2022 through 15 November 2022
ER -