Linkage Between CVE and ATT&CK with Public Information

Tomoaki Mimoto, Yuta Gempei, Kentaro Kita, Takamasa Isohara, Shinsaku Kiyomoto, Toshiaki Tanaka

2024

Abstract

Establishing rapid and effective methodologies for collecting and analyzing cyber threat intelligence (CTI) is required to counter the rapidly growing sophistication of cyberattacks. An overview of known vulnerabilities and related information can be found in databases such as NVD. However, the relationships between vulnerabilities and TTPs, which are effective CTI, must be analyzed individually by experts, and many of these relationships are unknown. In this study, we attempt to connect vulnerability information keyed to CVE-IDs with ATT&CK, which is a knowledge base for TTPs. Specifically, vulnerability information and the techniques associated with ATT&CK are each converted, together with related information, into embedding representations, and the similarities between them are evaluated to estimate the techniques related to the CVE-IDs. This study addresses the reproducibility problem caused by the lack of ground truth in the cybersecurity field by handling only information available from the surface Web.


Paper Citation


in Harvard Style

Mimoto T., Gempei Y., Kita K., Isohara T., Kiyomoto S. and Tanaka T. (2024). Linkage Between CVE and ATT&CK with Public Information. In Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT; ISBN 978-989-758-709-2, SciTePress, pages 655-660. DOI: 10.5220/0012722600003767


in Bibtex Style

@conference{secrypt24,
author={Tomoaki Mimoto and Yuta Gempei and Kentaro Kita and Takamasa Isohara and Shinsaku Kiyomoto and Toshiaki Tanaka},
title={Linkage Between CVE and ATT\&CK with Public Information},
booktitle={Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2024},
pages={655-660},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012722600003767},
isbn={978-989-758-709-2},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - Linkage Between CVE and ATT&CK with Public Information
SN - 978-989-758-709-2
AU - Mimoto T.
AU - Gempei Y.
AU - Kita K.
AU - Isohara T.
AU - Kiyomoto S.
AU - Tanaka T.
PY - 2024
SP - 655
EP - 660
DO - 10.5220/0012722600003767
PB - SciTePress