Cybersecurity Defenses: Exploration of CVE Types through Attack Descriptions
Refat Othman, Bruno Rossi, Barbara Russo

TL;DR
This paper presents VULDAT, a sentence transformer-based classification tool that links attack descriptions to vulnerabilities, demonstrating high accuracy and effective identification of CVE-related issues from attack data.
Contribution
Introduces VULDAT, a novel sentence transformer model for classifying vulnerabilities from attack descriptions, outperforming existing classifiers in accuracy and coverage.
Findings
VULDAT achieved an F1 score of 0.85.
Identified 56% of CVE vulnerabilities linked to attacks.
61% of vulnerabilities identified by VULDAT were in the CVE repository.
Abstract
Vulnerabilities in software security can remain undiscovered even after being exploited. Linking attacks to vulnerabilities helps experts identify and respond promptly to the incident. This paper introduces VULDAT, a classification tool that uses the sentence transformer MPNET to identify system vulnerabilities from attack descriptions. Our model was applied to 100 attack techniques from the ATT&CK repository and 685 issues from the CVE repository. We then compare the performance of VULDAT against eight other state-of-the-art classifiers based on sentence transformers. Our findings indicate that our model achieves the best performance, with an F1 score of 0.85, Precision of 0.86, and Recall of 0.83. Furthermore, we found that 56% of the vulnerabilities in CVE reports that are associated with an attack were identified by VULDAT, and 61% of the identified vulnerabilities were in the CVE repository.
Taxonomy
Topics: Information and Cyber Security · Network Security and Intrusion Detection · Advanced Malware Detection Techniques
