Comparative Evaluation of NLP-Based Approaches for Linking CAPEC Attack Patterns from CVE Vulnerability Information

Vulnerability and attack information must be collected to assess the severity of vulnerabilities and prioritize countermeasures against cyberattacks quickly and accurately. Common Vulnerabilities and Exposures is a dictionary that lists vulnerabilities and incidents, while Common Attack Pattern Enum...

Full description

Bibliographic Details
Main Authors: Fukazawa, Y. (Author), Hazeyama, A. (Author), Kanakogi, K. (Author), Kanuka, H. (Author), Kato, T. (Author), Ogata, S. (Author), Okubo, T. (Author), Washizaki, H. (Author), Yoshioka, N. (Author)
Format: Article
Language:English
Published: MDPI 2022
Subjects:
CVE
Online Access:View Fulltext in Publisher
LEADER 02325nam a2200325Ia 4500
001 0.3390-app12073400
008 220421s2022 CNT 000 0 und d
020 |a 20763417 (ISSN) 
245 1 0 |a Comparative Evaluation of NLP-Based Approaches for Linking CAPEC Attack Patterns from CVE Vulnerability Information 
260 0 |b MDPI  |c 2022 
856 |z View Fulltext in Publisher  |u https://doi.org/10.3390/app12073400 
520 3 |a Vulnerability and attack information must be collected to assess the severity of vulnerabilities and prioritize countermeasures against cyberattacks quickly and accurately. Common Vulnerabilities and Exposures is a dictionary that lists vulnerabilities and incidents, while Common Attack Pattern Enumeration and Classification is a dictionary of attack patterns. Direct identification of common attack pattern enumeration and classification from common vulnerabilities and exposures is difficult, as they are not always directly linked. Here, an approach to directly find common links between these dictionaries is proposed. Then, several patterns, which are combinations of similarity measures and popular algorithms such as term frequency–inverse document frequency, universal sentence encoder, and sentence BERT, are evaluated experimentally using the proposed approach. Specifically, two metrics, recall and mean reciprocal rank, are used to assess the traceability of the common attack pattern enumeration and classification identifiers associated with 61 identifiers for common vulnerabilities and exposures. The experiment confirms that the term frequency–inverse document frequency algorithm provides the best overall performance. © 2022 by the authors. Licensee MDPI, Basel, Switzerland. 
650 0 4 |a CAPEC 
650 0 4 |a CVE 
650 0 4 |a cybersecurity database 
650 0 4 |a natural language processing 
650 0 4 |a sentence BERT 
650 0 4 |a sentence embeddings 
650 0 4 |a TF-IDF 
650 0 4 |a universal sentence encoder 
700 1 0 |a Fukazawa, Y.  |e author 
700 1 0 |a Hazeyama, A.  |e author 
700 1 0 |a Kanakogi, K.  |e author 
700 1 0 |a Kanuka, H.  |e author 
700 1 0 |a Kato, T.  |e author 
700 1 0 |a Ogata, S.  |e author 
700 1 0 |a Okubo, T.  |e author 
700 1 0 |a Washizaki, H.  |e author 
700 1 0 |a Yoshioka, N.  |e author 
773 |t Applied Sciences (Switzerland)