English
Related papers

Related papers: CVE-driven Attack Technique Prediction with Semant…

200 papers

In cybersecurity, CVEs (Common Vulnerabilities and Exposures) are publicly disclosed hardware or software vulnerabilities. These vulnerabilities are documented and listed in the NVD database maintained by the NIST. Knowledge of the CVEs…

Cryptography and Security · Computer Science 2023-12-06 Manuel Poisson , Valérie Viet Triem Tong , Gilles Guette , Frédéric Guihéry , Damien Crémilleux

The MITRE ATT&CK framework is a widely adopted tool for enhancing cybersecurity, supporting threat intelligence, incident response, attack modeling, and vulnerability prioritization. This paper synthesizes research on its application across…

Cryptography and Security · Computer Science 2025-02-18 Yuning Jiang , Qiaoran Meng , Feiyang Shang , Nay Oo , Le Thi Hong Minh , Hoon Wei Lim , Biplab Sikdar

In the domain of security, vulnerabilities frequently remain undetected even after their exploitation. In this work, vulnerabilities refer to publicly disclosed flaws documented in Common Vulnerabilities and Exposures (CVE) reports.…

Cryptography and Security · Computer Science 2025-09-05 Refat Othman , Diaeddin Rimawi , Bruno Rossi , Barbara Russo

This works considers challenges of building and usage a formal knowledge base (model), which unites the ATT&CK, CAPEC, CWE, CVE security enumerations. The proposed model can be used to learn relations between attack techniques, attack…

Cryptography and Security · Computer Science 2021-12-09 Andrei Brazhuk

Software vulnerabilities have been continually disclosed and documented. An important practice in documenting vulnerabilities is to describe the key vulnerability aspects, such as vulnerability type, root cause, affected product, impact,…

Software Engineering · Computer Science 2020-08-07 Hao Guo , Zhenchang Xing , Xiaohong Li

The cyberthreat landscape is continuously evolving. Hence, continuous monitoring and sharing of threat intelligence have become a priority for organizations. Threat reports, published by cybersecurity vendors, contain detailed descriptions…

Cryptography and Security · Computer Science 2022-10-07 Md Rayhanur Rahman , Laurie Williams

Weaknesses in computer systems such as faults, bugs and errors in the architecture, design or implementation of software provide vulnerabilities that can be exploited by attackers to compromise the security of a system. Common Weakness…

Machine Learning · Computer Science 2021-02-24 Siddhartha Shankar Das , Edoardo Serra , Mahantesh Halappanavar , Alex Pothen , Ehab Al-Shaer

Identification of cyber threats is one of the essential tasks for security teams. Currently, cyber threats can be identified using knowledge organized into various formats, enumerations, and knowledge bases. This paper studies the current…

Cryptography and Security · Computer Science 2022-06-30 Lukáš Sadlek , Pavel Čeleda , Daniel Tovarňák

Vulnerabilities in software security can remain undiscovered even after being exploited. Linking attacks to vulnerabilities helps experts identify and respond promptly to the incident. This paper introduces VULDAT, a classification tool…

Cryptography and Security · Computer Science 2024-07-12 Refat Othman , Bruno Rossi , Barbara Russo

Relational databases underpin critical infrastructure across a wide range of domains, yet the design of generalizable pre-training strategies for learning from relational databases remains an open challenge due to task heterogeneity.…

Machine Learning · Computer Science 2026-02-02 Quang Truong , Zhikai Chen , Mingxuan Ju , Tong Zhao , Neil Shah , Jiliang Tang

The volume, variety, and velocity of change in vulnerabilities and exploits have made incident threat analysis challenging with human expertise and experience along. Tactics, Techniques, and Procedures (TTPs) are to describe how and why…

Artificial Intelligence · Computer Science 2023-08-24 Reza Fayyazi , Shanchieh Jay Yang

Extracting MITRE ATT&CK techniques from cyber threat intelligence (CTI) reports is an open-set, multi-label problem requiring both high recall (not missing techniques) and high precision (not hallucinating unsupported ones). Existing…

Cryptography and Security · Computer Science 2026-05-26 Yutong Cheng , Changze Li , Raihan Sultan Pasha Basuki , Qian Cui , Wei Ding , Peng Gao

Cyber threat intelligence (CTI) encoded in STIX and structured according to the MITRE ATT&CK framework has become a global reference for describing adversary behavior. However, ATT&CK was designed as a descriptive knowledge base rather than…

Cryptography and Security · Computer Science 2026-05-08 Ágney Lopes Roth Ferraz , Sidnei Barbieri , Murray Evangelista de Souza , Lourenço Alves Pereira Júnior

Despite the fact that cyberattacks are constantly growing in complexity, the research community still lacks effective tools to easily monitor and understand them. In particular, there is a need for techniques that are able to not only track…

Cryptography and Security · Computer Science 2019-05-30 Yun Shen , Gianluca Stringhini

The escalating frequency of cyber-attacks poses significant challenges for organisations, particularly small enterprises constrained by limited in-house expertise, insufficient knowledge, and financial resources. This research presents a…

Cryptography and Security · Computer Science 2026-03-16 Emad Sherif , Iryna Yevseyeva , Vitor Basto-Fernandes , Allan Cook

Security assessment relies on public information about products, vulnerabilities, and weaknesses. So far, databases in these categories have rarely been analyzed in combination. Yet, doing so could help predict unreported vulnerabilities…

Cryptography and Security · Computer Science 2024-02-13 Zhenpeng Shi , Nikolay Matyunin , Kalman Graffi , David Starobinski

Cyber attacks are becoming more sophisticated and diverse, making detection increasingly challenging. To combat these attacks, security practitioners actively summarize and exchange their knowledge about attacks across organizations in the…

Cryptography and Security · Computer Science 2022-05-31 Zhenyuan Li , Jun Zeng , Yan Chen , Zhenkai Liang

Engineering more secure software has become a critical challenge in the cyber world. It is very important to develop methodologies, techniques, and tools for developing secure software. To develop secure software, software developers need…

Software Engineering · Computer Science 2023-02-14 Nicholas Lasky , Benjamin Hallis , Mounika Vanamala , Rushit Dave , Jim Seliya

Common Vulnerability and Exposure (CVE) records are fundamental to cybersecurity, offering unique identifiers for publicly known software and system vulnerabilities. Each CVE is typically assigned a Common Vulnerability Scoring System…

Cryptography and Security · Computer Science 2025-04-16 Francesco Marchiori , Denis Donadel , Mauro Conti

The increasingly sophisticated and growing number of threat actors along with the sheer speed at which cyber attacks unfold, make timely identification of attacks imperative to an organisations' security. Consequently, persons responsible…

Cryptography and Security · Computer Science 2022-07-19 Clemens Sauerwein , Alexander Pfohl