Please use this identifier to cite or link to this item: http://hdl.handle.net/10125/71462

Tracing CAPEC Attack Patterns from CVE Vulnerability Information using Natural Language Processing Technique

File Size Format  
0684.pdf 1.03 MB Adobe PDF View/Open

Item Summary

Title:Tracing CAPEC Attack Patterns from CVE Vulnerability Information using Natural Language Processing Technique
Authors:Kanakogi, Kenta
Washizaki, Hironori
Fukazawa, Yoshiaki
Ogata, Shinpei
Okubo , Takao
show 4 moreKato, Takehisa
Kanuka, Hideyuki
Hazeyama, Atsuo
Yoshioka, Nobukazu
show less
Keywords:Cybersecurity and Software Assurance
common attack pattern enumeration and classification
common vulnerabilities and exposures
natural language processing
security
Date Issued:05 Jan 2021
Abstract:To effectively respond to vulnerabilities, information must not only be collected efficiently and quickly but also the vulnerability and the attack techniques must be understood. A security knowledge repository can collect such information. The Common Vulnerabilities and Exposures (CVE) provides known vulnerabilities of products, while the Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit known weaknesses. Because the information in these two repositories is not directly related, identifying the related CAPEC attack information from the CVE vulnerability information is challenging. One proposed method traces some related CAPEC-ID from CVE-ID through Common Weakness Enumeration (CWE). However, it is not applicable to all patterns. Here, we propose a method to automatically trace the related CAPEC-IDs from CVE-ID using TF-IDF and Doc2Vec. Additionally, we experimentally confirm that TF-IDF is more accurate than Doc2vec.
Pages/Duration:9 pages
URI:http://hdl.handle.net/10125/71462
ISBN:978-0-9981331-4-0
DOI:10.24251/HICSS.2021.841
Rights:Attribution-NonCommercial-NoDerivatives 4.0 International
https://creativecommons.org/licenses/by-nc-nd/4.0/
Appears in Collections: Cybersecurity and Software Assurance


Please email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.

This item is licensed under a Creative Commons License Creative Commons