ThreatZOOM: Neural Network For Automated Vulnerability Mitigation
ABSTRACT
The increasing variety and quantity of cyber threats make it evident that traditional human-in-the-loop approaches are no longer sufficient to keep systems safe. To address this pressing problem, forward-thinking pioneers propose a new cyber security strategy that uses automation to build a more efficient and cheaper defense.
Associating the large number of unpatchable CVEs (vulnerability descriptions) generated every day with the appropriate CWE (weakness) and CAPEC (attack pattern) entries makes it possible to automatically infer the expected impact and the corresponding mitigation course of action for each new CVE. Routinely, an adversary exploits a vulnerability to trigger a cyber attack, and that vulnerability results from a product or system weakness. Hence, finding the common system weakness associated with a vulnerability in a particular product helps to identify the software, system, or architecture flaw and the potential attack impacts; this identification in turn makes it possible to prevent, detect, and mitigate those flaws. On the other hand, once the cause and the effect of a vulnerability are recognized, it is necessary to discover the procedure-oriented description of the attack in order to create behavioral observables for detection and mitigation; that description can be derived from CAPEC and ATT&CK. Mapping a CWE to CAPEC and to ATT&CK provides the pre-TTP and the post-TTP view respectively, where TTP stands for Tactics, Techniques, and Procedures. Having the CWE, CAPEC, and ATT&CK entries together enables us to find the corresponding mitigation for each one. In addition, extracting the threat actions described by each of these concepts leads to another type of mitigation, drawn from the Critical Security Controls (CSC). In this proposal, the target is to perform the mapping all the way from CVE to CAPEC and ATT&CK automatically using machine learning, deep learning, and natural language processing, to find the appropriate mitigation for each one, and then to find a proper patch as the defensive course of action. So far, we have introduced a neural network model which successfully classifies CVEs to CWEs automatically, and we are working on a deep learning model to classify CWEs to CAPEC.
BIO
Ehsan Aghaei is a second-year PhD Computer Science student at UNC Charlotte. My research domain is primarily deep/machine learning and text mining for cyber security purposes.