Paper
6 June 2024 Automatic mapping based on CVE and ATT&CK
Lei Wang, Li Sun, Duo Shang, Huihong He, Guangtao Nie, Haikuo Dong
Author Affiliations +
Proceedings Volume 13175, International Conference on Computer Network Security and Software Engineering (CNSSE 2024); 131751C (2024) https://doi.org/10.1117/12.3032103
Event: 4th International Conference on Computer Network Security and Software Engineering (CNSSE 2024), 2024, Sanya, China
Abstract
The CVE is a database of cyber security vulnerabilities that describe the characteristics of vulnerabilities. MITRE ATT&CK formalizes attack patterns (including attack tactics and techniques) through abstract theory, and gives corresponding mitigation schemes, so it is significant to identify ATT&CK attack information from CVE. Since there is no link between the two, this paper proposes a Transformer-based mapping scheme to automatically map CVE’s to ATT&CK, and verify it on the CVE dataset, which has a good mapping effect and provides security operators with Intuitive reference.
(2024) Published by SPIE. Downloading of the abstract is permitted for personal use only.
Lei Wang, Li Sun, Duo Shang, Huihong He, Guangtao Nie, and Haikuo Dong "Automatic mapping based on CVE and ATT&CK", Proc. SPIE 13175, International Conference on Computer Network Security and Software Engineering (CNSSE 2024), 131751C (6 June 2024); https://doi.org/10.1117/12.3032103
Advertisement
Advertisement
RIGHTS & PERMISSIONS
Get copyright permission  Get copyright permission on Copyright Marketplace
KEYWORDS
Transformers

Associative arrays

Computed tomography

Information security

Machine learning

Deep learning

Network security

Back to Top