Towards the generation of hierarchical attack models from cybersecurity vulnerabilities using language models
Kacper Sowka, Vasile Palade, Xiaorui Jiang, Hesam Jadidbonab

TL;DR
This paper presents a neural network approach using pre-trained language models and siamese networks to predict relationships between cybersecurity vulnerabilities, aiming to construct hierarchical attack models from text data.
Contribution
It introduces a novel method combining language models and siamese networks for vulnerability relationship prediction and proposes data sampling and consensus mechanisms to improve reliability.
Findings
Neural networks effectively predict sibling relationships between vulnerabilities.
Sampling and consensus mechanisms reduce false positives.
Empirical results validate the approach across multiple datasets.
Abstract
This paper investigates the use of a pre-trained language model and siamese network to discern sibling relationships between text-based cybersecurity vulnerability data. The ultimate purpose of the approach presented in this paper is towards the construction of hierarchical attack models based on a set of text descriptions characterising potential/observed vulnerabilities in a given system. Due to the nature of the data, and the uncertainty sensitive environment in which the problem is presented, a practically oriented soft computing approach is necessary. Therefore, a key focus of this work is to investigate practical questions surrounding the reliability of predicted links towards the construction of such models, to which end conceptual and practical challenges and solutions associated with the proposed approach are outlined, such as dataset complexity and stability of predictions.…
Taxonomy
Topics: Network Security and Intrusion Detection · Information and Cyber Security
Methods: Sparse Evolutionary Training · Siamese Network · Focus
