Další formáty:
BibTeX
LaTeX
RIS
@inproceedings{2418565,
author = {Othman, Refat T A and Rossi, Bruno and Russo, Barbara},
booktitle = {50th Euromicro Conference Series on Software Engineering and Advanced Applications (SEAA)},
keywords = {MITRE; CAPEC; CVE; Transformer models; Pretrained language models},
language = {eng},
publisher = {IEEE},
title = {Cybersecurity Defenses: Exploration of CVE Types through Attack Descriptions},
year = {2024}
}
TY - JOUR
ID - 2418565
AU - Othman, Refat T A - Rossi, Bruno - Russo, Barbara
PY - 2024
TI - Cybersecurity Defenses: Exploration of CVE Types through Attack Descriptions
PB - IEEE
KW - MITRE
KW - CAPEC
KW - CVE
KW - Transformer models
KW - Pretrained language models
N2 - Vulnerabilities in software security can remain undiscovered even after being exploited. Linking attacks to vulnerabilities helps experts identify and respond promptly to the incident. This paper introduces VULDAT, a classification tool using a sentence transformer MPNET to identify system vulnerabilities from attack descriptions. Our model was applied to 100 attack techniques from the ATT&CK repository and 685 issues from the CVE repository. Then, we compare the performance of VULDAT against the other eight state-of-the-art classifiers based on sentence transformers. Our findings indicate that our model achieves the best performance with F1 score of 0.85, Precision of 0.86, and Recall of 0.83. Furthermore, we found 56% of CVE reports vulnerabilities associated with an attack were identified by VULDAT, and 61% of identified vulnerabilities were in the CVE repository.
ER -
OTHMAN, Refat T A, Bruno ROSSI a Barbara RUSSO. Cybersecurity Defenses: Exploration of CVE Types through Attack Descriptions. In \textit{50th Euromicro Conference Series on Software Engineering and Advanced Applications (SEAA)}. IEEE, 2024.
|
