CVE-Driven Attack Technique Prediction with Semantic Information Extraction and a Domain-Specific Language Model

This is my personal note about the paper introduction. https://arxiv.org/abs/2309.02785

Abstract

This paper proposes new techniques, called "TTPpredictor", which predict TTPs within the ATT&CK framework from CVE information. It uses Semantic Role Labeling (SRL) and SecureBERT. The method's accuracy is over 90%.

Objective

CVE is a common vulnerability format, but it does not describe how an attacker would use the vulnerability (the TTP). This paper focuses on filling that gap.

Methods

Results

Interesting points

Phrase

We present novel techniques implemented in the TTPpredictor tool to analyze the CVE description and infer the plausible TTP attacks caused by exploiting this CVE.