A Framework for Modeling Cyber Attack Techniques from Security Vulnerability Descriptions

Hodaya Binyamini, Ron Bitton, Masaki Inokuchi, Tomohiko Yagyu, Yuval Elovici, Asaf Shabtai

פרסום מחקרי: פרק בספר / בדוח / בכנספרסום בספר כנסביקורת עמיתים

תקציר

Attack graphs are one of the main techniques used to automate the cybersecurity risk assessment process. In order to derive a relevant attack graph, up-to-date information on known cyber attack techniques should be represented as interaction rules. However, designing and creating new interaction rules is a time consuming task performed manually by security experts. We present a novel, end-to-end, automated framework for modeling new attack techniques from the textual description of security vulnerabilities. Given a description of a security vulnerability, the proposed framework first extracts the relevant attack entities required to model the attack, completes missing information on the vulnerability, and derives a new interaction rule that models the attack; this new rule is then integrated within the MulVal attack graph tool. The proposed framework implements a novel data science pipeline that includes a dedicated cybersecurity linguistic model trained on the NVD repository, a recurrent neural network model used for attack entity extraction, a logistic regression model used for completing the missing information, and a transition probability matrix for automatically generating new interaction rule. We evaluated the performance of each of the individual algorithms, as well as the complete framework, and demonstrated its effectiveness.

שפה מקוריתאנגלית אמריקאית
כותר פרסום המארחKDD 2021 - Proceedings of the 27th ACM SIGKDD Conference on Knowledge Discovery and Data Mining
עמודים2574-2583
מספר עמודים10
מסת"ב (אלקטרוני)9781450383325
מזהי עצם דיגיטלי (DOIs)
סטטוס פרסוםפורסם - 14 אוג׳ 2021
אירוע27th ACM SIGKDD Conference on Knowledge Discovery and Data Mining, KDD 2021 - Virtual, Online, סינגפור
משך הזמן: 14 אוג׳ 202118 אוג׳ 2021

סדרות פרסומים

שםProceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining

כנס

כנס27th ACM SIGKDD Conference on Knowledge Discovery and Data Mining, KDD 2021
מדינה/אזורסינגפור
עירVirtual, Online
תקופה14/08/2118/08/21

ASJC Scopus subject areas

  • ???subjectarea.asjc.1700.1712???
  • ???subjectarea.asjc.1700.1710???

טביעת אצבע

להלן מוצגים תחומי המחקר של הפרסום 'A Framework for Modeling Cyber Attack Techniques from Security Vulnerability Descriptions'. יחד הם יוצרים טביעת אצבע ייחודית.

פורמט ציטוט ביבליוגרפי