Comparative Evaluation of NLP-Based Approaches for Linking CAPEC Attack Patterns from CVE Vulnerability Information

Kenta Kanakogi; Hironori Washizaki; Yoshiaki Fukazawa; Shinpei Ogata; Takao Okubo; Takehisa Kato; Hideyuki Kanuka; Atsuo Hazeyama; Nobukazu Yoshioka

doi:10.3390/app12073400

Applied Sciences (Mar 2022)

Comparative Evaluation of NLP-Based Approaches for Linking CAPEC Attack Patterns from CVE Vulnerability Information

Kenta Kanakogi,
Hironori Washizaki,
Yoshiaki Fukazawa,
Shinpei Ogata,
Takao Okubo,
Takehisa Kato,
Hideyuki Kanuka,
Atsuo Hazeyama,
Nobukazu Yoshioka

Affiliations

Kenta Kanakogi: Department of Computer Science and Engineering, Waseda University, Shinjuku-ku, Tokyo 169-8555, Japan
Hironori Washizaki: Department of Computer Science and Engineering, Waseda University, Shinjuku-ku, Tokyo 169-8555, Japan
Yoshiaki Fukazawa: Department of Computer Science and Engineering, Waseda University, Shinjuku-ku, Tokyo 169-8555, Japan
Shinpei Ogata: Institute of Engineering, Academic Assembly, Shinshu University, Nagano 380-8553, Japan
Takao Okubo: Institute of Information Security, Yokohama 221-0835, Japan
Takehisa Kato: Hitachi, Ltd., Chiyoda-ku, Tokyo 100-8280, Japan
Hideyuki Kanuka: Hitachi, Ltd., Chiyoda-ku, Tokyo 100-8280, Japan
Atsuo Hazeyama: Department of Information Science, Tokyo Gakugei University, Koganei-shi 184-8501, Japan
Nobukazu Yoshioka: Research Institute for Science and Engineering, Waseda University, Shinjuku-ku, Tokyo 169-8555, Japan

DOI: https://doi.org/10.3390/app12073400
Journal volume & issue: Vol. 12, no. 7
p. 3400

Abstract

Read online

Vulnerability and attack information must be collected to assess the severity of vulnerabilities and prioritize countermeasures against cyberattacks quickly and accurately. Common Vulnerabilities and Exposures is a dictionary that lists vulnerabilities and incidents, while Common Attack Pattern Enumeration and Classification is a dictionary of attack patterns. Direct identification of common attack pattern enumeration and classification from common vulnerabilities and exposures is difficult, as they are not always directly linked. Here, an approach to directly find common links between these dictionaries is proposed. Then, several patterns, which are combinations of similarity measures and popular algorithms such as term frequency–inverse document frequency, universal sentence encoder, and sentence BERT, are evaluated experimentally using the proposed approach. Specifically, two metrics, recall and mean reciprocal rank, are used to assess the traceability of the common attack pattern enumeration and classification identifiers associated with 61 identifiers for common vulnerabilities and exposures. The experiment confirms that the term frequency–inverse document frequency algorithm provides the best overall performance.

Published in Applied Sciences

ISSN: 2076-3417 (Online)
Publisher: MDPI AG
Country of publisher: Switzerland
LCC subjects: Technology: Engineering (General). Civil engineering (General); Science: Biology (General); Science: Physics; Science: Chemistry
Website: http://www.mdpi.com/journal/applsci

About the journal

Abstract

Keywords