Tracing CAPEC Attack Patterns from CVE Vulnerability Information using Natural Language Processing Technique

To respond effectively to vulnerabilities, information must not only be collected efficiently and quickly; the vulnerability and the attack techniques that exploit it must also be understood. Security knowledge repositories collect such information. The Common Vulnerabilities and Exposures (CVE) list records known vulnerabilities in products, while the Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns: descriptions of the common attributes and approaches adversaries use to exploit known weaknesses. Because the entries in these two repositories are not directly linked, identifying the CAPEC attack information related to a given CVE vulnerability entry is challenging. One proposed method traces related CAPEC-IDs from a CVE-ID through the Common Weakness Enumeration (CWE), but it is not applicable to all patterns. Here, we propose a method that automatically traces the related CAPEC-IDs from a CVE-ID using TF-IDF and Doc2Vec. Additionally, we experimentally confirm that TF-IDF is more accurate than Doc2Vec for this task.
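The TF-IDF half of the tracing method, as an added illustration that is not the paper's own code or data: the CAPEC descriptions are vectorized, the CVE description is projected into the same vocabulary, and CAPEC entries are ranked by cosine similarity. The CAPEC-IDs are real identifiers, but the descriptions and the CVE text are abbreviated, constructed samples; the smoothed IDF form and lack of stemming are assumptions, not choices the paper documents.

```python
import math
import re
from collections import Counter

# Constructed sample data (not the paper's dataset): abbreviated CAPEC-style
# attack-pattern descriptions keyed by CAPEC-ID, and one CVE-style description.
CAPEC_DOCS = {
    "CAPEC-66": "SQL injection: attacker injects SQL syntax into user input that is used in database queries",
    "CAPEC-63": "Cross-site scripting: attacker embeds malicious script in web content viewed by other users",
    "CAPEC-100": "Overflow buffers: attacker supplies input larger than the buffer to overwrite memory",
    "CAPEC-126": "Path traversal: attacker manipulates file path input to access files outside the intended directory",
}
CVE_DESC = ("A web application does not sanitize user input in the login form, "
            "allowing attackers to execute arbitrary SQL commands against the database")

TOKEN_RE = re.compile(r"[a-z0-9]+")

def tokenize(text):
    """Lowercase and split into alphanumeric tokens (no stemming, so 'attackers' != 'attacker')."""
    return TOKEN_RE.findall(text.lower())

def build_idf(docs):
    """Smoothed IDF over the CAPEC corpus: log((1+N)/(1+df)) + 1 (assumed form)."""
    n = len(docs)
    df = Counter()
    for text in docs.values():
        df.update(set(tokenize(text)))
    return {t: math.log((1 + n) / (1 + d)) + 1 for t, d in df.items()}

def tfidf_vector(text, idf):
    """Raw term frequency times IDF; tokens outside the CAPEC vocabulary are dropped."""
    return {t: c * idf[t] for t, c in Counter(tokenize(text)).items() if t in idf}

def cosine(a, b):
    """Cosine similarity of two sparse vectors; 0.0 when either side is empty."""
    dot = sum(w * b.get(t, 0.0) for t, w in a.items())
    na = math.sqrt(sum(w * w for w in a.values()))
    nb = math.sqrt(sum(w * w for w in b.values()))
    return dot / (na * nb) if na and nb else 0.0

def trace_capec(cve_desc, capec_docs, top_k=3):
    """Rank CAPEC entries by TF-IDF cosine similarity to the CVE description."""
    idf = build_idf(capec_docs)
    q = tfidf_vector(cve_desc, idf)
    scored = [(cid, cosine(q, tfidf_vector(txt, idf))) for cid, txt in capec_docs.items()]
    return sorted(scored, key=lambda x: x[1], reverse=True)[:top_k]

if __name__ == "__main__":
    for cid, score in trace_capec(CVE_DESC, CAPEC_DOCS):
        print(f"{cid}: {score:.3f}")
```

Note that a CVE description sharing only generic terms ("input", "the") with an entry still receives a non-zero score, which is why the paper evaluates accuracy over ranked candidates rather than treating the top hit as definitive.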