Author
Listed:
- Chenhui Zhang
(Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou 510006, China)
- Le Wang
(Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou 510006, China; Peng Cheng Laboratory, Shenzhen 518000, China)
- Dunqiu Fan
(NSFOCUS Inc., Guangzhou 510006, China)
- Junyi Zhu
(Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou 510006, China)
- Tang Zhou
(Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou 510006, China)
- Liyi Zeng
(Peng Cheng Laboratory, Shenzhen 518000, China)
- Zhaohua Li
(Shenzhen Institute for Advanced Study, University of Electronic Science and Technology of China, Shenzhen 518110, China)
Abstract
Vulnerabilities are often accompanied by cyberattacks. CVE is the largest repository of open vulnerabilities, which keeps expanding. ATT&CK models known multi-step attacks both tactically and technically and remains up to date. For active defense, it is valuable to correlate each vulnerability in CVE with the corresponding ATT&CK tactic and technique that exploit it. Manual mapping is not only time-consuming but also difficult to keep up to date. Existing language-based automated mapping methods do not utilize the information associated with attack behaviors outside of CVE and ATT&CK and are therefore ineffective. In this paper, we propose a novel framework named VTT-LLM for mapping Vulnerabilities to Tactics and Techniques based on Large Language Models, which consists of a generation model and a mapping model. In order to generate fine-tuning instructions for the LLM, we create a template to extract knowledge of CWE (a standardized list of common weaknesses) and CAPEC (a standardized list of common attack patterns). We train the generation model of VTT-LLM by fine-tuning the LLM according to the above instructions. The generation model correlates vulnerability and attack through their descriptions. The mapping model transforms the descriptions of ATT&CK tactics and techniques into vectors through text embedding and further associates them with attacks through semantic matching. By leveraging the knowledge of CWE and CAPEC, VTT-LLM can eventually automate the process of linking vulnerabilities in CVE to the attack techniques and tactics of ATT&CK. Experiments on the latest public dataset, ChatGPT-VDMEval, show the effectiveness of VTT-LLM with an accuracy of 85.18%, which is 13.69% and 54.42% higher than the existing CVET and ChatGPT-based methods, respectively. In addition, compared to fine-tuning without outside knowledge, the accuracy of VTT-LLM with chain fine-tuning is 9.24% higher on average across different LLMs.
Suggested Citation
Chenhui Zhang & Le Wang & Dunqiu Fan & Junyi Zhu & Tang Zhou & Liyi Zeng & Zhaohua Li, 2024.
"VTT-LLM: Advancing Vulnerability-to-Tactic-and-Technique Mapping through Fine-Tuning of Large Language Model,"
Mathematics, MDPI, vol. 12(9), pages 1-13, April.
Handle:
RePEc:gam:jmathe:v:12:y:2024:i:9:p:1286-:d:1381822