Abstract
The increasing variety and quantity of cyber threats make it evident that traditional human-in-the-loop approaches are no longer sufficient to keep systems safe. To address this pressing problem, forward-thinking pioneers propose a new cyber security strategy that uses automation to build a more efficient and cheaper defense. Associating the large number of unpatchable CVEs (vulnerability descriptions) generated every day with the appropriate CWE (weakness) and CAPEC (attack pattern) entries can be used to automatically infer the expected impact and the corresponding mitigation course of action for each new CVE. Routinely, an adversary exploits a vulnerability to trigger a cyber attack, where this vulnerability results from a product or system weakness. Hence, finding the common system weakness associated with a vulnerability in a particular product helps to identify the software, system, or architecture flaw and the potential attack impacts. This identification leads to preventing, detecting, and mitigating those flaws. On the other hand, after recognizing the cause and the effect of a vulnerability, it is necessary to discover the procedure-oriented description of the attack in order to create behavioral observables for detection and mitigation; this description can be derived from CAPEC and ATT&CK. Mapping the CWE to CAPEC and ATT&CK provides the pre-TTP and post-TTP respectively, where TTP stands for Tactics, Techniques, and Procedures. Having all of CWE, CAPEC, and ATT&CK in hand enables us to find the corresponding mitigation for each one. On the other hand, extracting the threat actions provided by each of these concepts leads to another type of mitigation, coming from the Critical Security Controls (CSC). In this proposal, the target is to perform the mapping all the way from CVE to CAPEC and ATT&CK automatically using machine learning, deep learning, and natural language processing, find the appropriate mitigation for each one, and then find a proper patch as the course of action for defense.
So far, we have introduced a neural network model that successfully classifies CVEs to CWEs automatically, and we are working on a deep learning model to classify CWEs to CAPEC.
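The abstract describes two pieces: a text classifier that assigns a CWE to a CVE description, and a chain that follows the CWE on to CAPEC, ATT&CK and a mitigation. The following is an added illustration, not the authors' model or code: it uses a small multinomial naive Bayes classifier in place of the neural network, trains it on constructed CVE-style descriptions, and then walks a constructed subset of the CWE-to-CAPEC-to-ATT&CK-to-mitigation chain. The training sentences, the `CHAIN` table and the helper names (`NaiveBayesCWE`, `triage`) are all assumptions made for this example.

```python
"""Toy CVE -> CWE text classifier plus a CWE -> CAPEC -> ATT&CK -> mitigation chain.

Added example, not code from the paper. The neural network in the paper is
replaced by a multinomial naive Bayes classifier so the block runs with the
standard library only.
"""
import math
import re
from collections import Counter, defaultdict

# Constructed training data: short CVE-style descriptions labelled with a CWE id.
TRAINING = [
    ("Improper neutralization of input allows SQL injection via the id parameter", "CWE-89"),
    ("SQL injection in login form lets remote attackers execute arbitrary SQL commands", "CWE-89"),
    ("Unsanitized query string concatenated into database statement enables SQL injection", "CWE-89"),
    ("Stored cross-site scripting via the comment field allows injection of arbitrary web script", "CWE-79"),
    ("Reflected XSS in search parameter allows remote attackers to inject script into web page", "CWE-79"),
    ("Improper output encoding permits cross-site scripting through the username field", "CWE-79"),
    ("Stack-based buffer overflow in packet parser allows remote code execution via long header", "CWE-120"),
    ("Heap buffer overflow when copying attacker-controlled length without bounds check", "CWE-120"),
    ("Buffer overflow in image loader allows attackers to crash the service via crafted file", "CWE-120"),
]

# Constructed, illustrative subset of the CWE -> CAPEC -> ATT&CK -> mitigation chain
# described in the abstract (a real system would derive this from the full catalogues).
CHAIN = {
    "CWE-89": {"capec": "CAPEC-66 SQL Injection",
               "attack": "T1190 Exploit Public-Facing Application",
               "mitigation": "Use parameterized queries and validate all input"},
    "CWE-79": {"capec": "CAPEC-63 Cross-Site Scripting",
               "attack": "T1190 Exploit Public-Facing Application",
               "mitigation": "Encode output contextually and apply a Content Security Policy"},
    "CWE-120": {"capec": "CAPEC-100 Overflow Buffers",
                "attack": "T1203 Exploitation for Client Execution",
                "mitigation": "Bounds-check copies, use safe string APIs, build with stack protection"},
}

TOKEN = re.compile(r"[a-z0-9]+")


def tokenize(text):
    """Lower-case word tokens; hyphenated terms split into their parts."""
    return TOKEN.findall(text.lower())


class NaiveBayesCWE:
    """Multinomial naive Bayes with Laplace smoothing over bag-of-words features."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha
        self.class_docs = Counter()            # documents seen per CWE label
        self.word_counts = defaultdict(Counter)  # word frequencies per CWE label
        self.vocab = set()
        self.total_docs = 0

    def fit(self, samples):
        for text, label in samples:
            self.class_docs[label] += 1
            for word in tokenize(text):
                self.word_counts[label][word] += 1
                self.vocab.add(word)
        self.total_docs = sum(self.class_docs.values())
        return self

    def log_posterior(self, text):
        """Unnormalised log P(label | text) for every known label."""
        words = tokenize(text)
        scores = {}
        for label, ndocs in self.class_docs.items():
            counts = self.word_counts[label]
            total = sum(counts.values())
            score = math.log(ndocs / self.total_docs)  # class prior
            for word in words:
                # Smoothed likelihood; unseen words still get a small probability.
                score += math.log((counts[word] + self.alpha)
                                  / (total + self.alpha * len(self.vocab)))
            scores[label] = score
        return scores

    def predict(self, text):
        scores = self.log_posterior(text)
        return max(scores, key=scores.get)


def triage(model, cve_text):
    """Map a new CVE description to its CWE and follow the chain to a mitigation."""
    cwe = model.predict(cve_text)
    return {"cwe": cwe, **CHAIN[cwe]}


if __name__ == "__main__":
    clf = NaiveBayesCWE().fit(TRAINING)
    new_cve = "SQL injection in the search endpoint lets remote attackers read arbitrary database rows"
    for key, value in triage(clf, new_cve).items():
        print(f"{key:>10}: {value}")
```

The classifier only sees bag-of-words counts, so wording that overlaps across weakness classes (for example "remote attackers" or "injection", which occurs in both the SQL injection and the XSS samples) is resolved by the discriminating terms, and an unseen word contributes equally to every class through the smoothing term rather than breaking the prediction. Swapping the classifier for a trained neural network changes only `predict`; the chain lookup that turns the predicted CWE into CAPEC, ATT&CK and mitigation entries stays the same.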
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the 6th Annual Symposium on Hot Topics in the Science of Security, HotSoS 2019 |
| Publisher | Association for Computing Machinery |
| ISBN (Electronic) | 9781450371476 |
| DOIs | |
| State | Published - 1 Apr 2019 |
| Externally published | Yes |
| Event | 6th Annual Symposium on Hot Topics in the Science of Security, HotSoS 2019 - Nashville, United States; Duration: 1 Apr 2019 → 3 Apr 2019 |
Publication series
| Name | ACM International Conference Proceeding Series |
|---|---|
Conference
| Conference | 6th Annual Symposium on Hot Topics in the Science of Security, HotSoS 2019 |
|---|---|
| Country/Territory | United States |
| City | Nashville |
| Period | 1/04/19 → 3/04/19 |
Bibliographical note
Publisher Copyright: © 2019 Copyright held by the owner/author(s).
Keywords
- CAPEC
- CVE
- CWE
- Cyber Security
ASJC Scopus subject areas
- Software
- Human-Computer Interaction
- Computer Vision and Pattern Recognition
- Computer Networks and Communications