Threat analysis is continuously growing in importance due to the ever-increasing complexity and frequency of cyber attacks. Analyzing threats demands significant effort from security experts: different cybersecurity knowledge bases support this task, but manual effort is required to correlate heterogeneous sources into a unified view that would enable a more comprehensive assessment. To address this gap, we propose ThreatLinker, a methodology leveraging Natural Language Processing (NLP) to effectively and efficiently associate Common Vulnerabilities and Exposures (CVE) vulnerabilities with Common Attack Pattern Enumeration and Classification (CAPEC) attack patterns. The proposed technique combines semantic similarity with keyword analysis to improve the accuracy of association estimates. We contribute a larger dataset for CVE-CAPEC correlation, and experimental evaluations demonstrate superior performance compared to state-of-the-art models.
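To make the idea of combining a semantic-similarity score with a keyword score concrete, here is an added illustration that is not ThreatLinker's code: it ranks constructed CAPEC-style entries against a constructed CVE-style description using TF-IDF cosine similarity (standing in for the paper's NLP model) plus keyword-stem coverage, with the 50/50 weighting, the keyword lists and the sample texts all being assumptions.

```python
import math
import re
from collections import Counter

# Constructed, illustrative entries: not real CAPEC or CVE text, and not the paper's dataset.
CAPEC = {
    "CAPEC-A": "SQL injection: attacker crafts input that alters database queries",
    "CAPEC-B": "Buffer overflow: attacker supplies oversized input to overwrite memory",
    "CAPEC-C": "Cross site scripting: attacker injects script into web pages viewed by others",
}
# Constructed keyword stems per pattern; the paper's own keyword lists are not given in the abstract.
KEYWORDS = {
    "CAPEC-A": {"sql", "inject", "quer", "databas"},
    "CAPEC-B": {"buffer", "overflow", "memor"},
    "CAPEC-C": {"script", "xss", "web", "html"},
}
CVE_TEXT = ("Improper neutralization of input in the login form allows an attacker "
            "to inject SQL commands and alter database queries")
STOPWORDS = {"a", "an", "and", "by", "in", "into", "of", "on", "that", "the", "to", "with"}

def tokenize(text):
    """Lowercase word tokens with stopwords dropped (no real stemming)."""
    return [t for t in re.findall(r"[a-z0-9]+", text.lower()) if t not in STOPWORDS]

def tfidf_vectors(docs):
    """Plain TF-IDF (idf = ln(N/df)) over a small in-memory corpus; a stand-in for the
    semantic-similarity component, which in the paper is an NLP model, not TF-IDF."""
    tokens = {k: tokenize(v) for k, v in docs.items()}
    df = Counter(t for toks in tokens.values() for t in set(toks))
    n = len(docs)
    return {k: {t: c * math.log(n / df[t]) for t, c in Counter(toks).items()}
            for k, toks in tokens.items()}

def cosine(a, b):
    """Cosine similarity of two sparse vectors; 0.0 when either vector is empty."""
    dot = sum(a[t] * b[t] for t in a if t in b)
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0

def keyword_score(tokens, stems):
    """Fraction of a pattern's keyword stems found as token prefixes in the CVE text."""
    return sum(any(t.startswith(s) for t in tokens) for s in stems) / len(stems)

def rank_capec(cve_text, patterns, keywords, alpha=0.5):
    """Score each pattern as alpha*semantic + (1-alpha)*keyword (weighting is an assumption)."""
    vecs = tfidf_vectors({**patterns, "__cve__": cve_text})
    cve_tokens = tokenize(cve_text)
    scores = {pid: alpha * cosine(vecs["__cve__"], vecs[pid])
                   + (1 - alpha) * keyword_score(cve_tokens, keywords[pid])
              for pid in patterns}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)
```

Calling `rank_capec(CVE_TEXT, CAPEC, KEYWORDS)` returns the patterns ordered by combined score, with the SQL-injection entry first; the keyword term is what separates near-synonymous wording ("inject" versus "injection") that the bag-of-words similarity alone misses.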