Towards the generation of hierarchical attack models from vulnerabilities using language models

Kacper Jakub Sowka, Vasile Palade, Xiaorui Jiang, Hesam Jadidbonab

Research output: Working paper/PreprintPreprint

24 Downloads (Pure)

Abstract

This paper investigates the use of a pre-trained language model and siamese network to discern sibling relationships between text-
based cybersecurity vulnerability data. The ultimate purpose of the approach presented in this paper is towards the construction
of hierarchical attack models based on a set of text descriptions characterising potential/observed vulnerabilities in a given system.
Due to the nature of the data, and the uncertainty sensitive environment in which the problem is presented, this task is treated as
a soft computing problem. Therefore, a key focus of this work is to investigate practical questions surrounding the reliability of
predicted links towards the construction of such models, to which end conceptual and practical challenges and solutions associated
with the proposed approach are outlined, such as dataset complexity and stability of predictions. Accordingly, the contributions of this paper focus on producing neural networks using a pre-trained language model for predicting sibling relationships between cybersecurity vulnerabilities, then outlining how to apply this capability towards the generation of hierarchical attack models. In
addition, two data sampling mechanisms for tackling data complexity, and a consensus mechanism for reducing the amount of false
positive predictions are outlined. Each of these approaches is compared and contrasted using empirical results from three sets of
cybersecurity data to determine their effectiveness.
Original languageEnglish
Publication statusSubmitted - Jan 2024

Keywords

  • natural language processing
  • siamese neural networks
  • cybersecurity
  • attack models

Fingerprint

Dive into the research topics of 'Towards the generation of hierarchical attack models from vulnerabilities using language models'. Together they form a unique fingerprint.

Cite this