VMTTRP: Automated Vulnerability Mapping with MITRE ATTCK TTs, AND Risk Prioritization

Key Points

High prediction precision was achieved in mapping vulnerabilities to adversarial techniques based on publicly disclosed vulnerabilities.
The system uses a multi-label deep neural network to analyze CVE descriptions, incorporating natural language embeddings for accuracy.
Evaluation results show acceptable recall, highlighting its applicability for cybersecurity operations centers and threat hunters.
The risk prioritization mechanism goes beyond traditional CVSS scores, offering context for better decision-making against real-world threats.

Abstract

Abstract Vulnerability management remains a cornerstone of enterprise cybersecurity, but traditional approaches often fail to prioritize threats in alignment with real-world attacker behavior. This research proposes a novel automated system that uses deep learning to map publicly disclosed vulnerabilities (CVEs) to adversarial techniques defined in the MITRE ATT&CK framework. The model uses a combination of natural language embeddings and a multi-label deep neural network to predict potential attack techniques from CVE descriptions. Furthermore, it incorporates a risk prioritization mechanism that enhances decision-making beyond CVSS scores by considering behavioral threat context. Evaluation results demonstrate high prediction precision and acceptable recall, suggesting practical applicability for SOCs, threat hunters, and vulnerability analysts.

Mark Helpful

Bookmark

Relay

Mark Helpful

Bookmark

Relay

VMTTRP: Automated Vulnerability Mapping with MITRE ATTCK TTs, AND Risk Prioritization

Key Points

Abstract

Cite This Study