Title | Machine Learning Based Approach for the Automated Mapping of Discovered Vulnerabilities to Adversial Tactics |
Publication Type | Conference Paper |
Year of Publication | 2021 |
Authors | Lakhdhar, Yosra, Rekhis, Slim |
Conference Name | 2021 IEEE Security and Privacy Workshops (SPW) |
Keywords | automatic mapping, composability, Conferences, Digital Forensic Engineering, Forensics, machine learning, machine learning algorithms, Measurement, MITRE Adversarial Tactics, Neural networks, privacy, pubcrawl, resilience, Resiliency, system vulnerabilities |
Abstract | To defend networks against security attacks, cyber defenders have to identify vulnerabilities that could be exploited by an attacker and fix them. However, vulnerabilities are constantly evolving and their number is rising. In addition, the resources required (i.e., time and cost) to patch all the identified vulnerabilities and update the affected assets are not always affordable. For these reasons, the defender needs to have a set of metrics that could be used to automatically map newly discovered vulnerabilities to potential attack tactics. Using such a mapping to attack tactics will allow security solutions to better respond inline to any vulnerability exploitation attempts, by selecting and prioritizing a suitable response strategy. In this work, we provide a multilabel classification approach to automatically map a detected vulnerability to the MITRE Adversarial Tactics that could be used by the attacker. The proposed approach will help cyber defenders to prioritize their defense strategies, ensure a rapid and efficient investigation process, and manage newly detected vulnerabilities well. We evaluate a set of machine learning algorithms (BinaryRelevance, LabelPowerset, ClassifierChains, MLKNN, BRKNN, RAkELd, NLSP, and Neural Networks) and find that ClassifierChains with a RandomForest classifier is the best method in our experiment. |
DOI | 10.1109/SPW53761.2021.00051 |
Citation Key | lakhdhar_machine_2021 |