A Multi-Model Approach to Enhance Automatic Matching of Vulnerabilities to Attack Patterns
Marine Sauze-Kadar, Thomas Loubier
2025
Abstract
Security knowledge databases hold key information for the vulnerability assessment and test automation of industrial products. The CVE and CAPEC databases respectively describe vulnerabilities and attack patterns. Linking a CVE entry to CAPEC entries can facilitate the generation of test plans in the context of product test automation. Unfortunately, the great majority of CVE entries carry no direct reference to CAPEC. Several research works have focused on automatically matching CVE and CAPEC entries by computing text similarity between their descriptions, evaluating various models, in particular the term frequency inverse document frequency (TF-IDF) technique and transformer-based models such as SBERT. Depending on the characteristics of the CVE description and on the evaluation criteria, these models are likely to perform differently, since each captures different kinds of information: vocabulary, preprocessing choices, context around words, etc. Hence, we propose a new classifier-based approach that selects, from a given set of models, the similarity computation model best adapted to matching a CVE description with the descriptions of its linked CAPEC entries. We evaluate this method on a recent set of CVE entries with CAPEC labels and show improved matching accuracy compared to state-of-the-art methods that rely on a single model to compute text similarity. Our results also highlight the bias in the training and test sets of CVE-CAPEC pairs.
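The following is an added illustration of the matching task the abstract describes, written for this page and not taken from the paper or its authors: a from-scratch TF-IDF/cosine model and a second, cruder Jaccard model rank a handful of CAPEC-style descriptions against a CVE-style description, and a per-CVE rule chooses which model to use. All CVE texts and the CAPEC paraphrases are constructed for the example (the CAPEC IDs are real entries, the wording is not the official text), and the selection rule is an assumption standing in for the learned classifier the paper proposes, whose actual features and decisions the abstract does not give.

```python
"""Added example (not the paper's code): match a CVE description to CAPEC
attack patterns by text similarity, with two lexical models and a per-CVE
model-selection rule standing in for the learned classifier the paper describes."""
import math
import re
from collections import Counter

# Constructed candidate set. The IDs are real CAPEC entries, but the texts are
# short paraphrases written for this example, not the official CAPEC descriptions.
CAPEC = {
    "CAPEC-66": "SQL Injection. An attacker crafts input containing SQL syntax that is "
                "passed to a database query without proper validation, allowing the "
                "attacker to read or modify database contents.",
    "CAPEC-63": "Cross-Site Scripting. An adversary embeds malicious script in content "
                "returned to a web browser, which executes in the context of the "
                "user's session.",
    "CAPEC-100": "Overflow Buffers. An attacker supplies more data than a buffer can "
                 "hold, overwriting adjacent memory and potentially executing "
                 "arbitrary code.",
    "CAPEC-126": "Path Traversal. An adversary uses sequences such as ../ in a file "
                 "path to access files outside the intended directory.",
}

# Constructed CVE-style descriptions (no real CVE identifiers).
SAMPLE_CVES = {
    "sqli": "A SQL injection vulnerability in the login form of ExampleApp 1.2 allows "
            "remote attackers to execute arbitrary SQL commands via the username parameter.",
    "xss": "Cross-site scripting vulnerability in the search page of ExampleApp allows "
           "remote attackers to inject arbitrary web script or HTML via the q parameter.",
    "short": "Stack-based buffer overflow in the parser.",
}

STOPWORDS = {"a", "an", "the", "to", "of", "in", "and", "or", "is", "that", "via",
             "by", "for", "on", "with", "as", "such", "which", "this", "be", "are",
             "more", "than", "can", "it", "its"}
TOKEN_RE = re.compile(r"[a-z0-9]+")


def tokenize(text):
    """Lowercase, keep alphanumeric runs, drop stopwords. No stemming, so
    'attacker' and 'attackers' stay distinct: one of the preprocessing
    choices the abstract notes models are sensitive to."""
    return [t for t in TOKEN_RE.findall(text.lower()) if t not in STOPWORDS]


def cosine(a, b):
    dot = sum(w * b[t] for t, w in a.items() if t in b)
    na = math.sqrt(sum(w * w for w in a.values()))
    nb = math.sqrt(sum(w * w for w in b.values()))
    return dot / (na * nb) if na and nb else 0.0


class TfidfModel:
    """TF-IDF vectors over the CAPEC corpus, compared by cosine similarity."""

    def __init__(self, docs):
        self.ids = list(docs)
        tokens = {d: tokenize(t) for d, t in docs.items()}
        n = len(docs)
        df = Counter()
        for toks in tokens.values():
            df.update(set(toks))
        # Smoothed idf: log((1 + n) / (1 + df)) + 1
        self.idf = {w: math.log((1 + n) / (1 + c)) + 1 for w, c in df.items()}
        self.vectors = {d: self.vectorize(toks) for d, toks in tokens.items()}

    def vectorize(self, toks):
        # Terms absent from the CAPEC vocabulary get no weight.
        return {w: c * self.idf[w] for w, c in Counter(toks).items() if w in self.idf}

    def score(self, text, doc_id):
        return cosine(self.vectorize(tokenize(text)), self.vectors[doc_id])


class JaccardModel:
    """Set overlap of tokens: a second, cruder lexical signal."""

    def __init__(self, docs):
        self.ids = list(docs)
        self.sets = {d: set(tokenize(t)) for d, t in docs.items()}

    def score(self, text, doc_id):
        q, d = set(tokenize(text)), self.sets[doc_id]
        return len(q & d) / len(q | d) if q | d else 0.0


MODELS = {"tfidf": TfidfModel(CAPEC), "jaccard": JaccardModel(CAPEC)}


def rank(model, text):
    """All CAPEC candidates for one CVE description, best score first."""
    return sorted(((d, model.score(text, d)) for d in model.ids), key=lambda p: -p[1])


def select_model(text):
    """Stand-in for the paper's classifier. The rule here is an assumption for
    the example: very short descriptions give TF-IDF few weighted terms, so
    fall back to plain set overlap for them."""
    return "jaccard" if len(tokenize(text)) < 6 else "tfidf"


def match(text, top_k=3):
    """Pick a model for this CVE, then return (model_name, top-k candidates)."""
    name = select_model(text)
    return name, rank(MODELS[name], text)[:top_k]


if __name__ == "__main__":
    for label, desc in SAMPLE_CVES.items():
        name, top = match(desc)
        print(label, "->", name, [(d, round(s, 3)) for d, s in top])
```

Running the block prints, per constructed CVE, the model chosen and its top candidates; the point to take away is that the ranking depends on the model's preprocessing (no stemming here, so "attackers" never matches "attacker") and that a selection step, learned rather than hard-coded in the paper, decides which model's ranking is trusted for a given description.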
Paper Citation
in Harvard Style
Sauze-Kadar M. and Loubier T. (2025). A Multi-Model Approach to Enhance Automatic Matching of Vulnerabilities to Attack Patterns. In Proceedings of the 22nd International Conference on Security and Cryptography - Volume 1: SECRYPT; ISBN 978-989-758-760-3, SciTePress, pages 658-665. DOI: 10.5220/0013555900003979
in Bibtex Style
@conference{secrypt25,
author={Marine Sauze-Kadar and Thomas Loubier},
title={A Multi-Model Approach to Enhance Automatic Matching of Vulnerabilities to Attack Patterns},
booktitle={Proceedings of the 22nd International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2025},
pages={658-665},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013555900003979},
isbn={978-989-758-760-3},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 22nd International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - A Multi-Model Approach to Enhance Automatic Matching of Vulnerabilities to Attack Patterns
SN - 978-989-758-760-3
AU - Sauze-Kadar M.
AU - Loubier T.
PY - 2025
SP - 658
EP - 665
DO - 10.5220/0013555900003979
PB - SciTePress