Tracing CVE Vulnerability Information to CAPEC Attack Patterns Using Natural Language Processing Techniques

Kenta Kanakogi; Hironori Washizaki; Yoshiaki Fukazawa; Shinpei Ogata; Takao Okubo; Takehisa Kato; Hideyuki Kanuka; Atsuo Hazeyama; Nobukazu Yoshioka

doi:10.3390/info12080298

Information (Jul 2021)

Affiliations

Kenta Kanakogi: Department of Computer Science and Engineering, Waseda University, Shinjuku-ku, Tokyo 169-8555, Japan
Hironori Washizaki: Department of Computer Science and Engineering, Waseda University, Shinjuku-ku, Tokyo 169-8555, Japan
Yoshiaki Fukazawa: Department of Computer Science and Engineering, Waseda University, Shinjuku-ku, Tokyo 169-8555, Japan
Shinpei Ogata: Institute of Engineering, Academic Assembly, Shinshu University, Nagano City, Nagano 380-8553, Japan
Takao Okubo: Institute of Information Security, Yokohama, Kanagawa 221-0835, Japan
Takehisa Kato: Hitachi, Ltd., Chiyoda-ku, Tokyo 100-8280, Japan
Hideyuki Kanuka: Hitachi, Ltd., Chiyoda-ku, Tokyo 100-8280, Japan
Atsuo Hazeyama: Department of Information Science, Tokyo Gakugei University, Koganei-shi, Tokyo 184-8501, Japan
Nobukazu Yoshioka: Research Institute for Science and Engineering, Waseda University, Shinjuku-ku, Tokyo 169-8555, Japan

DOI: https://doi.org/10.3390/info12080298
Journal volume & issue: Vol. 12, no. 8, p. 298

Abstract

For effective vulnerability management, vulnerability and attack information must be collected quickly and efficiently. A security knowledge repository can collect such information. The Common Vulnerabilities and Exposures (CVE) provides known vulnerabilities of products, while the Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of common attributes and approaches employed by adversaries to exploit known weaknesses. Because the information in these two repositories is not linked, identifying related CAPEC attack information from CVE vulnerability information is challenging. Currently, the related CAPEC-ID can be traced from the CVE-ID using Common Weakness Enumeration (CWE) in some but not all cases. Here, we propose a method to automatically trace the related CAPEC-IDs from a CVE-ID using three similarity measures: TF–IDF, Universal Sentence Encoder (USE), and Sentence-BERT (SBERT). We prepared 58 CVE-IDs as test input data and tested whether we could trace the CAPEC-IDs related to each of them. The experiment showed that TF–IDF is the best of the three similarity measures, as it traced 48 of the 58 CVE-IDs to the related CAPEC-ID.
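The TF–IDF variant of this idea can be illustrated with a minimal sketch: treat each CAPEC description as a document, vectorize it together with the CVE description, and rank attack patterns by cosine similarity. This is not the authors' implementation. The function names, the stop-word list, the smoothed IDF formula, the placeholder IDs (`CAPEC-SQLI` and so on), and the toy descriptions are all assumptions made for illustration; they are not entries from the real repositories.

```python
import math
import re
from collections import Counter

# Assumed, deliberately tiny stop-word list (not taken from the paper).
STOP_WORDS = {"a", "an", "the", "in", "to", "of", "by", "via", "that", "are", "is", "and"}


def tokenize(text):
    """Lowercase, split on non-alphanumerics, and drop stop words."""
    return [t for t in re.findall(r"[a-z0-9]+", text.lower()) if t not in STOP_WORDS]


def tfidf_vectors(docs):
    """Return one sparse TF-IDF vector (dict term -> weight) per document."""
    tokenized = [tokenize(d) for d in docs]
    n = len(tokenized)
    df = Counter(term for toks in tokenized for term in set(toks))
    # Smoothed IDF; one common choice among several.
    idf = {t: math.log((1 + n) / (1 + c)) + 1 for t, c in df.items()}
    return [{t: tf * idf[t] for t, tf in Counter(toks).items()} for toks in tokenized]


def cosine(a, b):
    """Cosine similarity between two sparse vectors."""
    dot = sum(w * b.get(t, 0.0) for t, w in a.items())
    na = math.sqrt(sum(w * w for w in a.values()))
    nb = math.sqrt(sum(w * w for w in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def rank_capec(cve_text, capec):
    """Rank CAPEC entries (dict id -> description) by similarity to a CVE description."""
    ids = list(capec)
    vecs = tfidf_vectors([capec[i] for i in ids] + [cve_text])
    query = vecs[-1]  # the CVE description is the last document
    scored = [(i, cosine(query, v)) for i, v in zip(ids, vecs)]
    return sorted(scored, key=lambda p: p[1], reverse=True)


# Toy data with placeholder IDs; the texts are invented for this sketch.
capec = {
    "CAPEC-SQLI": "An attacker injects crafted SQL commands through input parameters "
                  "to manipulate database queries",
    "CAPEC-XSS": "An adversary embeds malicious scripts in web pages that are executed "
                 "in the victim browser",
    "CAPEC-BOF": "An adversary overflows a memory buffer by supplying input larger "
                 "than the allocated size",
}
cve = ("SQL injection vulnerability in the login form allows remote attackers "
       "to execute arbitrary SQL commands via the username parameter")

for capec_id, score in rank_capec(cve, capec):
    print(f"{capec_id}: {score:.3f}")
```

In a setting like the one the abstract describes, a CVE-ID would count as traced when a related CAPEC-ID appears among the top-ranked candidates; the cutoff used for that decision is not stated here and would have to be taken from the full paper.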

Published in Information

ISSN: 2078-2489 (Online)
Publisher: MDPI AG
Country of publisher: Switzerland
LCC subjects: Technology: Technology (General): Industrial engineering. Management engineering: Information technology
Website: http://www.mdpi.com/journal/information/
