Acceso al sitio web del Consejo de Políticas de Infraestructura
REVISTA
Information

   
Redirigiendo al acceso original de articulo en 19 segundos...
Inicio  /  Information  /  Vol: 12 Par: 8 (2021)  /  Artículo
ARTÍCULO
TITULO

Tracing CVE Vulnerability Information to CAPEC Attack Patterns Using Natural Language Processing Techniques

Kenta Kanakogi    
Hironori Washizaki    
Yoshiaki Fukazawa    
Shinpei Ogata    
Takao Okubo    
Takehisa Kato    
Hideyuki Kanuka    
Atsuo Hazeyama and Nobukazu Yoshioka    

Resumen

For effective vulnerability management, vulnerability and attack information must be collected quickly and efficiently. A security knowledge repository can collect such information. The Common Vulnerabilities and Exposures (CVE) provides known vulnerabilities of products, while the Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of common attributes and approaches employed by adversaries to exploit known weaknesses. Due to the fact that the information in these two repositories are not linked, identifying related CAPEC attack information from CVE vulnerability information is challenging. Currently, the related CAPEC-ID can be traced from the CVE-ID using Common Weakness Enumeration (CWE) in some but not all cases. Here, we propose a method to automatically trace the related CAPEC-IDs from CVE-ID using three similarity measures: TF?IDF, Universal Sentence Encoder (USE), and Sentence-BERT (SBERT). We prepared and used 58 CVE-IDs as test input data. Then, we tested whether we could trace CAPEC-IDs related to each of the 58 CVE-IDs. Additionally, we experimentally confirm that TF?IDF is the best similarity measure, as it traced 48 of the 58 CVE-IDs to the related CAPEC-ID.

PÁGINAS
pp. 0 - 0

 Artículos similares

       
 
I. Oktaviani, M. Asril, Y. Aryanti, S. S. Leksikowati     Pág. 47 - 52
The conversion of agricultural land and plantation into an area with high human activity can affect the biodiversity contained in it. The biodiversity of a region can be surveyed and collect in a systematic database to know the wealth of flora and fauna ... ver más

 
Héctor Andrés Melgar Sasieta, Fabiano Duarte Beppler, Roberto Carlos do Santos Pacheco (Author)     Pág. 381 - 389
This paper presents a model that aims to facilitate the visualization of the knowledge stored in digital repositories using visual archetypes. Archetypes are structures that contain visual representations of the real world that are known a priori by the ... ver más

 
Santa Vallejo Figueroa, Valeria Nava Lozano     Pág. 1 - 21
Nowadays documents are the main way to represent information and knowledge in several domains. Continuously users store documents in hard disk or online media according to some personal organization based on topics, but such documents can contain one or ... ver más

 
J. Javier Samper-Zapater, Julián Gutiérrez-Moret, Jose Macario Rocha, Juan José Martinez-Durá and Vicente R. Tomás    
The significance of Linked Open Data datasets for traffic information extends beyond just including open traffic data. It incorporates links to other relevant thematic datasets available on the web. This enables federated queries across different data pl... ver más
Revista: Information

 
Eike Blomeier, Sebastian Schmidt and Bernd Resch    
In the early stages of a disaster caused by a natural hazard (e.g., flood), the amount of available and useful information is low. To fill this informational gap, emergency responders are increasingly using data from geo-social media to gain insights fro... ver más
Revista: Information