TY - GEN
T1 - Tracing CAPEC attack patterns from CVE vulnerability information using natural language processing technique
AU - Kanakogi, Kenta
AU - Washizaki, Hironori
AU - Fukazawa, Yoshiaki
AU - Ogata, Shinpei
AU - Okubo, Takao
AU - Kato, Takehisa
AU - Kanuka, Hideyuki
AU - Hazeyama, Atsuo
AU - Yoshioka, Nobukazu
N1 - Funding Information:
reviewers for their insightful comments and suggestions. This research was supported by the SCAT Research Grant; the MEXT enPiT-Pro Smart SE: Smart Systems and Services innovative professional Education program; the JSPS KAKENHI [grant number 16H02804]; and the JSPS KAKENHI [grant number 17K00475].
Publisher Copyright:
© 2021 IEEE Computer Society. All rights reserved.
PY - 2021
Y1 - 2021
N2 - To respond effectively to vulnerabilities, not only must information be collected efficiently and quickly, but the vulnerability and the attack techniques must also be understood. A security knowledge repository can collect such information. The Common Vulnerabilities and Exposures (CVE) provides known vulnerabilities of products, while the Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit known weaknesses. Because the information in these two repositories is not directly related, identifying the related CAPEC attack information from the CVE vulnerability information is challenging. One proposed method traces some related CAPEC-IDs from a CVE-ID through Common Weakness Enumeration (CWE). However, it is not applicable to all patterns. Here, we propose a method to automatically trace the related CAPEC-IDs from a CVE-ID using TF-IDF and Doc2Vec. Additionally, we experimentally confirm that TF-IDF is more accurate than Doc2Vec.
UR - http://www.scopus.com/inward/record.url?scp=85108310038&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85108310038&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85108310038
T3 - Proceedings of the Annual Hawaii International Conference on System Sciences
SP - 6996
EP - 7004
BT - Proceedings of the 54th Annual Hawaii International Conference on System Sciences, HICSS 2021
A2 - Bui, Tung X.
PB - IEEE Computer Society
T2 - 54th Annual Hawaii International Conference on System Sciences, HICSS 2021
Y2 - 4 January 2021 through 8 January 2021
ER -