Enhancing Cybersecurity with AI: This New Approach Identifies Threats and Comprehends Their Sources
Cybersecurity is a serious issue. Protecting our online data is a top priority in the current digital era. Data breaches and cyberattacks are common, and they can have some serious, disastrous results. And so, we must be alert and take precautions to protect our digital lives.
Every day is a field day for cyber defenders. Their prime responsibility is tracking and preventing different kinds of attacks and threats against computer systems, which is a difficult undertaking. Given that cybercriminals have access to more than 213,800 documented vulnerabilities, it is essential to prioritize and reduce these risks effectively.
Researchers from Purdue University, Carnegie Mellon University, Boise State University, and the Department of Energy’s Pacific Northwest National Laboratory have created the VWC-MAP model as a solution to this problem. The approach helps defenders to swiftly identify threats, comprehend their sources, and take necessary action to avoid cyberattacks by connecting vulnerabilities, weaknesses, and attack patterns.
They presented their study at the 2022 IEEE International Symposium on Technologies for Homeland Security (HST), which published their paper. A part of the work is currently accessible on GitHub and is open source. The remaining code will shortly be made available by the team.
Mahantesh Halappanavar, a chief computer scientist at PNNL who is leading the overall effort, said,
“Cyber defenders are inundated with information and lines of code. What they need is interpretation and support for prioritization. Where are we vulnerable? What actions can we take?”
He further added,
“If you are a cyber defender, you may be dealing with hundreds of vulnerabilities a day. You need to know how those could be exploited and what you need to do to mitigate those threats. That’s the crucial missing piece. You want to know the implications of a bug, how that might be exploited, and how to stop that threat.”
Combining Three Cybersecurity Databases
The VWC-MAP model connects data from three different cybersecurity databases using supervised learning and natural language processing:
- Vulnerabilities: These are particular segments of code that can be used in an assault. The National Vulnerability Database’s “common vulnerabilities and exposures” (CVEs), which contain a list of more than 200,000 flaws, are used by the model.
- Weaknesses: This category divides vulnerabilities into groups according to the possible outcomes of an exploit. The model incorporates the MITRE Corporation’s “common weakness enumerations” (CWEs), which are composed of about 1,000 classifications.
- Attacks: The term “common attack pattern enumerations and classification” (CAPECs) refers to probable attack “vectors” or paths. The model includes more than 500 attack pathways that MITRE maintains.
Empowering Cyber Defenders
The VWC-MAP concept makes it easier for cyber defenders to see and comprehend risks by connecting these three databases. The approach divides vulnerabilities into broad categories and offers information on possible attack paths, enabling defenders to effectively neutralize threats. By detecting vulnerabilities, as well as their corresponding weaknesses and attack methods, the goal is to stop any potential exploitation.
Accurate Linking with AI
The VWC-MAP model links vulnerabilities, weaknesses, and attack patterns with excellent accuracy. It can correlate weaknesses with attack patterns with up to 80% accuracy and link vulnerabilities with weaknesses with up to 87% accuracy. Although these figures outperform existing methods, more research is necessary to confirm the model’s usefulness on a broader scale.
Addressing Data Limitations
The lack of labeled data for training the model was one of the difficulties encountered. Less than 1% of vulnerabilities are currently connected to specific attacks. To get around this constraint, the team fine-tuned pre-trained natural language models using two approaches: an auto-encoder (BERT) and a sequence-to-sequence model (T5). Both strategies produced comparable outcomes and were approved by cybersecurity professionals.
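To make the vulnerability → weakness → attack-pattern chain concrete, here is an added example; it is not VWC-MAP code and not from the paper. It swaps the fine-tuned BERT/T5 models for a plain TF-IDF cosine match over CWE entry names, and it abstains when no weakness matches well enough. The function name `map_cve`, the `min_score` threshold and the CVE-style descriptions are assumptions made for illustration.

```python
import math
import re
from collections import Counter

# Constructed sample: four CWE entry names and one related CAPEC for each.
CWES = {
    "CWE-22": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
    "CWE-79": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
    "CWE-89": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
    "CWE-120": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
}
CWE_TO_CAPEC = {
    "CWE-22": ["CAPEC-126 Path Traversal"],
    "CWE-79": ["CAPEC-63 Cross-Site Scripting (XSS)"],
    "CWE-89": ["CAPEC-66 SQL Injection"],
    "CWE-120": ["CAPEC-100 Overflow Buffers"],
}
STOP = {"a", "an", "the", "of", "in", "to", "via", "is", "and", "or", "by", "on"}

def tokens(text):
    return [t for t in re.findall(r"[a-z0-9]+", text.lower()) if t not in STOP]

DOCS = {cwe: Counter(tokens(name)) for cwe, name in CWES.items()}
DF = Counter(t for doc in DOCS.values() for t in doc)  # document frequency

def weigh(counts):
    """TF-IDF vector; words no CWE uses keep full weight, so they dilute the match."""
    n = len(DOCS)
    return {t: c * (math.log((n + 1) / (DF[t] + 1)) + 1) for t, c in counts.items()}

def cosine(u, v):
    dot = sum(w * v.get(t, 0.0) for t, w in u.items())
    norm = math.sqrt(sum(w * w for w in u.values())) * math.sqrt(sum(w * w for w in v.values()))
    return dot / norm if norm else 0.0

def map_cve(description, min_score=0.1):
    """Return (cwe, score, capecs) for the best-matching weakness, or None to abstain."""
    query = weigh(Counter(tokens(description)))
    score, cwe = max((cosine(query, weigh(doc)), cwe) for cwe, doc in DOCS.items())
    if score < min_score:
        return None  # leave the CVE unlinked rather than guess a weakness
    return cwe, round(score, 3), CWE_TO_CAPEC[cwe]

if __name__ == "__main__":
    # Constructed CVE-style descriptions (not real CVE records).
    for text in ("SQL injection in the login form allows remote attackers to run "
                 "arbitrary SQL commands via the username parameter.",
                 "Default administrator password is shipped in the firmware image."):
        print(map_cve(text))
```

A lexical match like this only links descriptions that share vocabulary with the weakness name, which is the gap the fine-tuned language models described above are meant to close.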
Open-Source Platform for Testing
The researchers are encouraging cybersecurity professionals to evaluate and confirm the performance of the VWC-MAP model by making it open-source. Using this platform, professionals can evaluate how well the model classifies vulnerabilities and contribute to its continued improvement.
A collaborative team of researchers created the VWC-MAP model, which uses AI to link vulnerabilities, flaws, and attack patterns. The methodology provides cyber defenders with useful insights for efficiently prioritizing and managing risks by giving a comprehensive perspective of potential threats.
The VWC-MAP model is an open-source platform that welcomes additional testing and collaboration from cybersecurity experts to improve its functionality and strengthen cybersecurity practices.
S. S. Das, A. Dutta, S. Purohit, E. Serra, M. Halappanavar and A. Pothen, “Towards Automatic Mapping of Vulnerabilities to Attack Patterns using Large Language Models,” 2022 IEEE International Symposium on Technologies for Homeland Security (HST), Boston, MA, USA, 2022, pp. 1-7, doi: 10.1109/HST56032.2022.10025459.