Corpus ID: 222090819

BRON - Linking Attack Tactics, Techniques, and Patterns with Defensive Weaknesses, Vulnerabilities and Affected Platform Configurations

@article{Hemberg2020BRONL,
  title={BRON - Linking Attack Tactics, Techniques, and Patterns with Defensive Weaknesses, Vulnerabilities and Affected Platform Configurations},
  author={Erik Hemberg and Jonathan Kelly and Michal Shlapentokh-Rothman and Bryn Reinstadler and Katherine Xu and Nick Rutar and Una-May O’Reilly},
  journal={ArXiv},
  year={2020},
  volume={abs/2010.00533}
}
Many public sources of cyber threat and vulnerability information exist to serve the defense of cyber systems. This paper proposes BRON, which is a composite of MITRE's ATT&CK MATRIX, NIST's Common Weakness Enumerations (CWE), Common Vulnerabilities and Exposures (CVE), and Common Attack Pattern Enumeration and Classification (CAPEC). BRON preserves all entries and relations while enabling bi-directional, relational path tracing. It exploits attack patterns to trace between the objectives and… 
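The layered, bi-directional path tracing the abstract describes can be shown on a small graph. The following is an added example written for this page, not code from the BRON paper or its repository. The identifiers are in the real ATT&CK, CAPEC, CWE, CVE and CPE formats, but the edge list is a constructed sample (the CVE and CPE entries are invented placeholders), not data extracted from BRON or from any of the upstream enumerations.

```python
"""Toy BRON-style threat knowledge graph with bi-directional path tracing.

Added example, not code from the BRON paper or repository. The edges below
are a constructed sample for illustration only; the CVE and CPE entries are
invented placeholders and the mappings are not taken from BRON or NVD.
"""
from collections import defaultdict, deque

# Layer order from the abstract: tactics and techniques (ATT&CK), attack
# patterns (CAPEC), weaknesses (CWE), vulnerabilities (CVE), platforms (CPE).
LAYERS = ["tactic", "technique", "capec", "cwe", "cve", "cpe"]

# Constructed sample edges (parent, child); each crosses one layer boundary.
SAMPLE_EDGES = [
    ("TA0001", "T1190"),           # Initial Access -> Exploit Public-Facing Application
    ("T1190", "CAPEC-66"),         # technique -> SQL Injection attack pattern
    ("CAPEC-66", "CWE-89"),        # attack pattern -> Improper Neutralization of SQL commands
    ("CWE-89", "CVE-2020-00001"),  # placeholder CVE, not a real record
    ("CVE-2020-00001", "cpe:2.3:a:example:webapp:1.0:*:*:*:*:*:*:*"),  # placeholder CPE
    ("TA0001", "T1566"),           # Initial Access -> Phishing; no downstream links in sample
]


class ThreatGraph:
    """Directed, layered graph with both forward and backward adjacency."""

    def __init__(self, edges):
        self.children = defaultdict(set)  # forward: toward platform configurations
        self.parents = defaultdict(set)   # backward: toward tactics
        self._nodes = {node for edge in edges for node in edge}
        for parent, child in edges:
            self.children[parent].add(child)
            self.parents[child].add(parent)

    @staticmethod
    def layer(node_id):
        """Infer the layer from the identifier scheme (e.g. 'CWE-89' -> 'cwe')."""
        if node_id.startswith("TA"):
            return "tactic"
        if node_id.startswith("T"):
            return "technique"
        if node_id.startswith("CAPEC-"):
            return "capec"
        if node_id.startswith("CWE-"):
            return "cwe"
        if node_id.startswith("CVE-"):
            return "cve"
        if node_id.startswith("cpe:"):
            return "cpe"
        raise ValueError(f"unknown identifier scheme: {node_id}")

    def trace(self, start, target_layer):
        """Return every path from `start` to a node in `target_layer`.

        The direction is chosen from the layer order, so the same call traces
        tactic -> CVE (forward) and CVE -> tactic (backward). Because every
        edge crosses exactly one layer boundary the graph is acyclic and a
        plain breadth-first walk terminates.
        """
        start_idx = LAYERS.index(self.layer(start))
        target_idx = LAYERS.index(target_layer)
        if start_idx == target_idx:
            return [[start]]
        step = self.children if target_idx > start_idx else self.parents
        paths = []
        queue = deque([[start]])
        while queue:
            path = queue.popleft()
            for nxt in sorted(step.get(path[-1], ())):
                new_path = path + [nxt]
                if self.layer(nxt) == target_layer:
                    paths.append(new_path)
                else:
                    queue.append(new_path)
        return paths

    def unlinked(self, layer):
        """Entries in `layer` with no onward edge: a gap in the linked data,
        e.g. a technique with no attack pattern mapped to it."""
        return sorted(
            n for n in self._nodes
            if self.layer(n) == layer and not self.children.get(n)
        )


if __name__ == "__main__":
    graph = ThreatGraph(SAMPLE_EDGES)
    for path in graph.trace("TA0001", "cve"):
        print(" -> ".join(path))
    for path in graph.trace("CVE-2020-00001", "tactic"):
        print(" <- ".join(reversed(path)))
    print("techniques without attack patterns:", graph.unlinked("technique"))
```

Tracing from the tactic reaches the placeholder CVE through T1190, CAPEC-66 and CWE-89, and tracing from that CVE back up recovers the same chain in reverse; the phishing technique shows up as an entry with no onward link, which is the kind of coverage gap a linked dataset makes visible.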
Linking Common Vulnerabilities and Exposures to the MITRE ATT&CK Framework: A Self-Distillation Approach
TLDR
A model, named the CVE Transformer (CVET), is proposed, to label CVEs with one of ten MITRE ATT&CK tactics, and empirical results on a gold-standard dataset suggest that the proposed novelties can increase model performance in F1-score.
Coevolutionary modeling of cyber attack patterns and mitigations using public datasets
TLDR
This work incorporates known threats and vulnerabilities into a stylized "competition" that pits cyber attack patterns against mitigations, and align three abstract models of population-level dynamics where APTs interact with defenses with three competitive, coevolutionary algorithm variants that use the competition.
Detecting and Augmenting Missing Key Aspects in Vulnerability Descriptions
TLDR
This article proposes a neural-network-based approach called PMA that predicts the missing key aspects of a vulnerability from its known aspects, and validates the prediction performance of key aspect augmentation on manually augmented CVE data collected from NVD, which confirms the practicality of the approach.
Towards automation of threat modeling based on a semantic model of attack patterns and weaknesses
TLDR
This work considers the challenges of building and using a formal knowledge base (model) that unites the ATT&CK, CAPEC, CWE and CVE security enumerations, and creates an ontology-driven threat modeling framework based on the knowledge base and freely available datasets.
Using a Collated Cybersecurity Dataset for Machine Learning and Artificial Intelligence
TLDR
It is demonstrated how BRON can support prediction of related threat techniques and attack patterns and other AI and ML uses of BRON to exploit its behavioral knowledge are discussed.
Detecting and Augmenting Missing Key Aspects in Vulnerability Descriptions
  • Hao Guo
  • Education, Computer Science
  • 2021
TLDR
This paper presents a meta-modelling architecture suitable for inference and decision-making that was developed at the Tsinghua University Research School of Computer Science (RSCS) in Beijing, China.
Attack Techniques and Threat Identification for Vulnerabilities
Modern organizations struggle with what is often considered an insurmountable number of vulnerabilities that are discovered and reported by their network and application vulnerability scanners.

References (10 of 32 shown)

Common Attack Pattern Enumeration and Classification (CAPEC™): A Community Knowledge Resource for Building Secure Software
  • Computer Science
  • 2013
TLDR
To respond effectively, the community needs to think outside of the box and have a firm grasp of the attacker’s perspective and the approaches used to exploit software systems.
MISP: The Design and Implementation of a Collaborative Threat Intelligence Sharing Platform
TLDR
The aim of MISP is to help in setting up preventive actions and counter-measures against targeted attacks, and to enable detection via collaborative knowledge sharing about existing malware and other threats.
An Efficient Formal Framework for Intrusion Detection Systems
The SEPSES Knowledge Graph: An Integrated Resource for Cybersecurity
TLDR
This paper introduces an evolving cybersecurity knowledge graph that integrates and links critical information on real-world vulnerabilities, weaknesses and attack patterns from various publicly available sources and can be easily linked to locally available information.
OVM: an ontology for vulnerability management
TLDR
The ontology for vulnerability management (OVM) has been populated with all vulnerabilities in NVD with additional inference rules, knowledge representation, and data-mining mechanisms and provides a promising pathway to making ISAP successful.
UCO: A Unified Cybersecurity Ontology
TLDR
The Unified Cybersecurity Ontology (UCO) is described, which is intended to support information integration and cyber situational awareness in cybersecurity systems and is the first cybersecurity ontology that has been mapped to general world ontologies to support broader and diverse security use cases.
Developing an Ontology for Cyber Security Knowledge Graphs
TLDR
An ontology developed for a cyber security knowledge graph database is described to provide an organized schema that incorporates information from a large variety of structured and unstructured data sources, and includes all relevant concepts within the domain.
The Incident Object Description Exchange Format
TLDR
This document describes the information model for the IODEF and provides an associated data model specified with XML Schema.
Finding Cyber Threats with ATT&CK™-Based Analytics