This paper addresses a critical challenge in cybersecurity: the gap between vulnerability information represented by Common Vulnerabilities and Exposures (CVEs) and the resulting cyberattack actions. CVEs provide insights into vulnerabilities, but often lack details on potential threat actions (tactics, techniques, and procedures, or TTPs) within the ATT&CK framework. This gap hinders accurate CVE categorization and proactive countermeasure initiation. The paper introduces the TTPpredictor tool, which uses innovative techniques to analyze CVE descriptions and infer plausible TTP attacks resulting from CVE exploitation. TTPpredictor overcomes challenges posed by limited labeled data and semantic disparities between CVE and TTP descriptions. It first extracts threat actions from unstructured cyber threat reports using Semantic Role Labeling (SRL) techniques. These actions, along with their contextual attributes, are correlated with MITRE's attack functionality classes. This automated correlation facilitates the creation of labeled data, essential for categorizing novel threat actions into threat functionality classes and TTPs. The paper presents an empirical assessment demonstrating TTPpredictor's effectiveness, with accuracy rates of approximately 98% and F1-scores ranging from 95% to 98% when classifying CVEs to ATT&CK techniques. TTPpredictor outperforms state-of-the-art language model tools like ChatGPT. Overall, this paper offers a robust solution for linking CVEs to potential attack techniques, enhancing cybersecurity practitioners' ability to proactively identify and mitigate threats.
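The pipeline the abstract describes (extract threat actions from text, map them to functionality classes and ATT&CK techniques, then score the classifier by accuracy and F1) is sketched below as an added Python example; it is not the paper's code. A regex action extractor stands in for the SRL step, and the verb lexicon, class names and CVE-style sample descriptions are constructed assumptions (the technique IDs are real ATT&CK identifiers, but their pairing with these patterns is assumed for illustration).

```python
import re

# Constructed stand-in for the paper's SRL step: a small verb lexicon pulls
# (predicate, argument) threat actions out of a CVE description. Assumed, not the paper's.
ACTION_RE = re.compile(
    r"\b(execute|escalate|gain|crash)\s+(.+?)(?=\s+(?:and|or|via)\b|[,.;]|$)", re.I)

# Assumed mapping from threat actions to functionality classes and ATT&CK technique IDs.
# The IDs are real ATT&CK identifiers; class names and argument patterns are constructed.
ACTION_CLASSES = [
    ("execute",  r"arbitrary (code|commands?)",            "code-execution",       "T1203"),
    ("escalate", r"privileges?",                           "privilege-escalation", "T1068"),
    ("gain",     r"(root|admin\w*|elevated) privileges?",  "privilege-escalation", "T1068"),
    ("crash",    r"service|application|device",            "denial-of-service",    "T1499"),
]

def extract_actions(description):
    """Return the (verb, argument) threat actions found in a CVE description."""
    return [(m.group(1).lower(), m.group(2).strip()) for m in ACTION_RE.finditer(description)]

def classify(description):
    """Map a CVE description to {technique_id: functionality_class} via its extracted actions."""
    labels = {}
    for verb, arg in extract_actions(description):
        for v, arg_pat, cls, tid in ACTION_CLASSES:
            if verb == v and re.search(arg_pat, arg, re.I):
                labels[tid] = cls
    return labels

def evaluate(samples):
    """Exact-match accuracy plus micro precision/recall/F1 over (description, gold_ids) pairs."""
    tp = fp = fn = exact = 0
    for desc, gold in samples:
        pred = set(classify(desc))
        tp += len(pred & gold); fp += len(pred - gold); fn += len(gold - pred)
        exact += pred == gold
    p = tp / (tp + fp) if tp + fp else 0.0
    r = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * p * r / (p + r) if p + r else 0.0
    return {"accuracy": exact / len(samples), "precision": p, "recall": r, "f1": f1}

# Constructed CVE-style descriptions with assumed gold technique labels; the last one
# states the impact without a verb-argument action, so the extractor misses it.
SAMPLES = [
    ("A buffer overflow in the parser allows remote attackers to execute arbitrary code via a crafted file.", {"T1203"}),
    ("Improper permission checks allow a local user to escalate privileges to root.", {"T1068"}),
    ("A malformed packet allows remote attackers to crash the service, causing a denial of service.", {"T1499"}),
    ("The updater allows an authenticated user to execute arbitrary commands and gain root privileges.", {"T1203", "T1068"}),
    ("An integer overflow leads to a denial of service (application crash).", {"T1499"}),
]
```

Running `evaluate(SAMPLES)` gives precision 1.0 but recall 5/6, which is the kind of gap (actions phrased without an explicit predicate) that the paper's richer SRL-based extraction is meant to close.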