Informace o publikaci

Cybersecurity Defenses: Exploration of CVE Types through Attack Descriptions

Autoři

OTHMAN Refat T A ROSSI Bruno RUSSO Barbara

Rok publikování 2024
Druh Článek ve sborníku
Konference 50th Euromicro Conference Series on Software Engineering and Advanced Applications (SEAA)
Citace
Klíčová slova MITRE; CAPEC; CVE; Transformer models; Pretrained language models
Popis Vulnerabilities in software security can remain undiscovered even after being exploited. Linking attacks to vulnerabilities helps experts identify and respond promptly to the incident. This paper introduces VULDAT, a classification tool using a sentence transformer MPNET to identify system vulnerabilities from attack descriptions. Our model was applied to 100 attack techniques from the ATT&CK repository and 685 issues from the CVE repository. Then, we compare the performance of VULDAT against the other eight state-of-the-art classifiers based on sentence transformers. Our findings indicate that our model achieves the best performance with F1 score of 0.85, Precision of 0.86, and Recall of 0.83. Furthermore, we found 56% of CVE reports vulnerabilities associated with an attack were identified by VULDAT, and 61% of identified vulnerabilities were in the CVE repository.

Používáte starou verzi internetového prohlížeče. Doporučujeme aktualizovat Váš prohlížeč na nejnovější verzi.

Další info