An Automated, End-to-End Framework for Modeling Attacks From Vulnerability Descriptions
Attack graphs are one of the main techniques used to automate the risk
assessment process. To derive a relevant attack graph, up-to-date
information on known attack techniques must be represented as interaction
rules. Designing and creating new interaction rules is not a trivial task and
is currently performed manually by security experts. However, since the number
of new security vulnerabilities and attack techniques grows continuously and
rapidly, the rule set of attack graph tools has to be updated frequently with
new attack techniques to ensure that the set of interaction rules is always
up-to-date. We present a novel, end-to-end, automated framework for modeling
new attack techniques from the textual description of a security
vulnerability. Given a description of a security vulnerability, the proposed
framework first extracts the attack entities required to model the attack,
completes missing information on the vulnerability, and derives a new
interaction rule that models the attack; this new rule is integrated into the
MulVAL attack graph tool. The proposed framework implements a novel pipeline
that includes a dedicated cybersecurity linguistic model trained on the NVD
repository, a recurrent neural network model used for attack entity extraction,
a logistic regression model used for completing the missing information, and a
novel machine learning-based approach for automatically modeling the attacks as
MulVAL interaction rules. We evaluated the performance of each of the
individual algorithms as well as of the complete framework, and demonstrated
its effectiveness.
Comments: 16 pages, 11 figures
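To make the three pipeline stages concrete (entity extraction, completion of missing fields, and rendering as a MulVAL interaction rule), the following added example runs a toy version of the flow over a few constructed, NVD-style descriptions. It is not the paper's code: the paper's RNN tagger, logistic-regression gap filler and learned rule-modeling step are each replaced by a hand-written heuristic so the example runs offline. The CVE identifiers and product names are placeholders; the predicate names (vulExists, networkServiceInfo, netAccess, setuidProgramInfo, execCode) are MulVAL's, but the choice of which body pattern to emit for each entity combination is this example's own assumption.

```python
"""Vulnerability description -> MulVAL interaction rule, end to end (illustration only)."""
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed, NVD-style descriptions. Identifiers and products are placeholders, not real CVEs.
SAMPLE_DESCRIPTIONS: Dict[str, str] = {
    "CVE-0000-0001": ("Buffer overflow in the request parser in ExampleHTTPD 2.4 allows "
                      "remote attackers to execute arbitrary code via a crafted header."),
    "CVE-0000-0002": ("The setuid helper in ExampleTool 1.0 allows local users to gain "
                      "privileges via a crafted environment variable."),
    # Access vector is not stated; stage 2 has to infer it from context.
    "CVE-0000-0003": ("ExampleDaemon 3.1 allows attackers to execute arbitrary code via a "
                      "malformed network packet."),
    # Nothing usable: the pipeline must refuse rather than emit a bogus rule.
    "CVE-0000-0004": "Unspecified vulnerability in ExampleLib 0.9 has unknown impact.",
}


@dataclass
class AttackEntities:
    cve: str
    product: Optional[str] = None        # e.g. 'examplehttpd-2.4'
    access_vector: Optional[str] = None  # 'remote' | 'local'
    impact: Optional[str] = None         # 'execCode' | 'privEscalation'


# Capitalised product name followed by a dotted version, e.g. "ExampleHTTPD 2.4".
_PRODUCT = re.compile(r"\b([A-Z][A-Za-z]+[\w-]*) (\d+(?:\.\d+)+)\b")
_ACCESS = [(r"\bremote attackers?\b", "remote"),
           (r"\blocal (?:users?|attackers?)\b", "local")]
_IMPACT = [(r"execute arbitrary code", "execCode"),
           (r"gain (?:root )?privileges", "privEscalation")]
# Cues that, absent an explicit access vector, suggest a network-reachable interface.
_NETWORK_HINTS = re.compile(r"\b(packet|request|header|protocol|network)\b", re.I)


def extract_entities(cve: str, text: str) -> AttackEntities:
    """Stage 1 (stand-in for the paper's RNN tagger): regex/keyword entity extraction."""
    ents = AttackEntities(cve=cve)
    if (m := _PRODUCT.search(text)):
        ents.product = f"{m.group(1)}-{m.group(2)}".lower()
    for pat, label in _ACCESS:
        if re.search(pat, text, re.I):
            ents.access_vector = label
            break
    for pat, label in _IMPACT:
        if re.search(pat, text, re.I):
            ents.impact = label
            break
    return ents


def complete_entities(ents: AttackEntities, text: str) -> AttackEntities:
    """Stage 2 (stand-in for the paper's logistic-regression model): fill a missing access
    vector from contextual cues. These are assumed heuristics, not learned weights."""
    if ents.access_vector is None:
        if ents.impact == "privEscalation":
            ents.access_vector = "local"      # privilege gain presumes an existing foothold
        elif _NETWORK_HINTS.search(text):
            ents.access_vector = "remote"     # packet/request/header => network-facing code
    return ents


def to_interaction_rule(ents: AttackEntities) -> str:
    """Stage 3: render the entities as a MulVAL interaction rule (Datalog syntax).
    MulVAL's vulExists consequence 'privEscalation' covers code execution as the
    vulnerable program's user, so both impacts map to it; the remote-service and
    local-setuid body patterns are the usual MulVAL ones (assumed mapping)."""
    if ents.access_vector is None or ents.impact is None:
        raise ValueError(f"{ents.cve}: access vector or impact unknown, refusing to model")
    sw = f"'{ents.product}'" if ents.product else "Software"  # constant if known, else variable
    exploit_range = "remoteExploit" if ents.access_vector == "remote" else "localExploit"
    vul = f"vulExists(H, '{ents.cve}', {sw}, {exploit_range}, privEscalation)"
    if ents.access_vector == "remote":
        head = "execCode(H, Perm)"
        body = [vul, f"networkServiceInfo(H, {sw}, Protocol, Port, Perm)",
                "netAccess(H, Protocol, Port)"]
    else:
        head = "execCode(H, Owner)"
        body = [vul, f"setuidProgramInfo(H, {sw}, Owner)", "execCode(H, _)"]
    desc = f"{ents.cve}: {ents.impact} via {ents.access_vector} exploit"
    return ("interaction_rule(\n  (" + head + " :-\n     " + ",\n     ".join(body)
            + "),\n  rule_desc('" + desc + "', 1.0)).")


def model_attack(cve: str, text: str) -> Optional[str]:
    """Full pipeline; returns None when the description cannot be modelled safely."""
    ents = complete_entities(extract_entities(cve, text), text)
    try:
        return to_interaction_rule(ents)
    except ValueError:
        return None


if __name__ == "__main__":
    for cve, text in SAMPLE_DESCRIPTIONS.items():
        rule = model_attack(cve, text)
        print(rule if rule else f"% {cve}: skipped, insufficient entities")
        print()
```

The fourth description is the case a practitioner cares most about: when neither extraction nor completion yields an access vector, the pipeline returns None instead of emitting a rule, because an attack graph built from a guessed interaction rule is worse than one that simply lacks the new CVE.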