A Framework for Modeling Cyber Attack Techniques from Security Vulnerability Descriptions

Hodaya Binyamini, Ron Bitton, Masaki Inokuchi, Tomohiko Yagyu, Yuval Elovici, Asaf Shabtai

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-reviewed

Abstract

Attack graphs are one of the main techniques used to automate the cybersecurity risk assessment process. In order to derive a relevant attack graph, up-to-date information on known cyber attack techniques should be represented as interaction rules. However, designing and creating new interaction rules is a time-consuming task performed manually by security experts. We present a novel, end-to-end, automated framework for modeling new attack techniques from the textual description of security vulnerabilities. Given a description of a security vulnerability, the proposed framework first extracts the relevant attack entities required to model the attack, completes missing information on the vulnerability, and derives a new interaction rule that models the attack; this new rule is then integrated within the MulVal attack graph tool. The proposed framework implements a novel data science pipeline that includes a dedicated cybersecurity linguistic model trained on the NVD repository, a recurrent neural network model used for attack entity extraction, a logistic regression model used for completing the missing information, and a transition probability matrix for automatically generating new interaction rules. We evaluated the performance of each of the individual algorithms, as well as the complete framework, and demonstrated its effectiveness.

Original language: American English
Title of host publication: KDD 2021 - Proceedings of the 27th ACM SIGKDD Conference on Knowledge Discovery and Data Mining
Pages: 2574-2583
Number of pages: 10
ISBN (Electronic): 9781450383325
Digital Object Identifiers (DOIs)
Publication status: Published - 14 August 2021
Event: 27th ACM SIGKDD Conference on Knowledge Discovery and Data Mining, KDD 2021 - Virtual, Online, Singapore
Duration: 14 August 2021 to 18 August 2021

Publication series

Name: Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining

Conference

Conference: 27th ACM SIGKDD Conference on Knowledge Discovery and Data Mining, KDD 2021
Country/Territory: Singapore
City: Virtual, Online
Period: 14/08/21 to 18/08/21

All Science Journal Classification (ASJC) codes

  • Software
  • Information Systems
