CVE-TTP KG: Knowledge Graph Linking Software Vulnerabilities to Attack Behaviors

Source: Artificial Intelligence · Field: Technology & Digital — Cybersecurity & Data Privacy, Artificial Intelligence & Machine Learning · Depth: Advanced, quick

Summary

The CVE-TTP Knowledge Graph (KG) addresses a critical gap in cybersecurity by linking software vulnerabilities (CVEs) to specific attacker behaviors, including tactics and techniques from the MITRE ATT&CK framework. This work develops a system that uses Transformer-based models, notably CySecBERT, to identify these behaviors with high accuracy, achieving macro F1-scores of 87.71% for techniques and 96.16% for tactics. Researchers also created a substantial annotated dataset comprising 24,820 entities and 43,608 relations to facilitate entity and relation extraction. A pipeline-based approach demonstrated strong performance with macro F1-scores of 0.86 for entity extraction and 0.99 for relation extraction, while a span-based joint model achieved 0.78. The resulting knowledge graph is integrated into a Neo4j-based Cyber Threat Knowledge Graph, providing structured visualization for enhanced threat interpretation and response.

Key takeaway

For cybersecurity analysts and AI security engineers focused on threat interpretation, integrating the CVE-TTP Knowledge Graph can significantly enhance your understanding of vulnerability exploitation. This system provides direct links between CVEs and MITRE ATT&CK behaviors, allowing you to quickly contextualize threats and prioritize responses. You should consider adopting similar knowledge graph approaches to enrich your existing vulnerability management platforms and improve proactive defense strategies.

Key insights

A knowledge graph effectively links CVEs to MITRE ATT&CK behaviors using Transformer models for improved threat intelligence.

Method

The approach involves classification and relation extraction using Transformer-based models like CySecBERT, followed by integration into a Neo4j-based Cyber Threat Knowledge Graph for visualization.

Best for: NLP Engineer, CTO, VP of Engineering/Data, AI Scientist, AI Security Engineer, Research Scientist

Editorial summary, takeaway, and curation by AIssential. Original article published by Artificial Intelligence.