February 8, 2023
Conference Paper
Towards Automatic Mapping of Vulnerabilities to Attack Patterns using Large Language Models
Abstract
With the advent of new devices and applications, the cyber attack surface is continuously evolving due to the emergence of new attack techniques and vulnerabilities. Hence, security management tools must assess the cyber risk of an enterprise at regular intervals by comprehensively identifying associations among attack techniques, weaknesses, and vulnerabilities. However, existing repositories providing such associations are incomplete (i.e., missing associations), raising the likelihood of underestimating the risk of particular sets of attack techniques. Moreover, such associations still rely on manual interpretation, which is slow compared to attack speed and ineffective for the increasing list of vulnerabilities and attack actions. Therefore, there is an urgent need to develop methodologies for automatically associating vulnerabilities with all relevant attack techniques. In this paper, we present a framework, named VWC-MAP, that can automatically identify all relevant attack techniques of a vulnerability via weaknesses, based on their text descriptions, by applying natural language processing (NLP) techniques. To achieve that, we present a novel two-tiered classification approach, where the first tier classifies vulnerabilities to weaknesses, and the second tier classifies weaknesses to attack techniques. This research has improved the scalability of the current state-of-the-art tool to make vulnerability-to-weakness mapping significantly faster. Moreover, this paper presents two novel approaches for weakness-to-attack-technique mapping, applying Text-to-Text and link prediction techniques. Our experimental results, cross-validated by cyber-security experts, show that VWC-MAP can associate vulnerabilities with weakness types with 87% accuracy and with new attack patterns with 80% accuracy.
Published: February 8, 2023