An Analysis of Common Vulnerabilities and Exposures in View Of MITRE ATT&CK

  • Gurinder Pal Singh
  • Vishal Bharti
  • Manish Kumar Hooda

Abstract

Due to the ever-increasing threat posed by cyber-attacks on important cyber infrastructure, companies are focusing on expanding the knowledge base on cyber security. The Universal Vulnerabilities and Exposures (CVE), that were a selection of vulnerabilities known as the Common Vulnerabilities and Exposures that may be discovered in a wide variety of applications and hardware and which are the most commonly exploited, are the most important things to know about security. They are troublesome, though, because many vulnerabilities do not have a mechanism of dealing with them, making it hard for an attacker to take use of them. ATT&CK, a well-known cyber security risk management methodology, provides mitigation solutions for a wide range of destructive tactics, according to the MITRE Corporation. In the National Vulnerability Database (NVD), there is a collection of security defects that have been publicly revealed, which is referred to as Common Vulnerabilities and Exposures (CVEs) (CVE). In this case various figure of CVE listings, however a few of missing crucial data, like as the type of vulnerability. during this article, our techniques for used Common Vulnerabilities and Exposures data interested in weakness classes by employing a naive Bayes classifier to categories the entries. To assess the classification capabilities of the approach, a set of testing data is gathered and analyzed.

Keywords: CVE, National Vulnerability Database, Cyber security, Cyber Crime, MITRE ATT&CK

Downloads

Download data is not yet available.

References

[1] Z. Durumeric, D. Adrian, A. Mirian, M. Bailey, and J. A. Halderman, “A Search Engine Backed by Internet-Wide Scanning,” in Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, New York, NY, USA, Oct. 2015, pp. 542–553. doi: 10.1145/2810103.2813703.
[2] H. Booth, D. Rike, and G. Witte, “ITL BULLETIN FOR DECEMBER 2013 THE NATIONAL VULNERABILITY DATABASE (NVD): OVERVIEW,” p. 3.
[3] S. Na, T. Kim, and H. Kim, “A Study on the Classification of Common Vulnerabilities and Exposures using Naïve Bayes,” in Advances on Broad-Band Wireless Computing, Communication and Applications, vol. 2, L. Barolli, F. Xhafa, and K. Yim, Eds. Cham: Springer International Publishing, 2017, pp. 657–662. doi: 10.1007/978-3-319-49106-6_65.
[4] “Shodan,” Shodan. https://www.shodan.io (accessed Mar. 10, 2022).
[5] Y.-Y. Chang, P. Zavarsky, R. Ruhl, and D. Lindskog, “Trend Analysis of the CVE for Software Vulnerability Management,” in 2011 IEEE Third Int’l Conference on Privacy, Security, Risk and Trust and 2011 IEEE Third Int’l Conference on Social Computing, Boston, MA, USA, Oct. 2011, pp. 1290–1293. doi: 10.1109/PASSAT/SocialCom.2011.184.
[6] S. Neuhaus and T. Zimmermann, “Security Trend Analysis with CVE Topic Models,” in 2010 IEEE 21st International Symposium on Software Reliability Engineering, San Jose, CA, USA, Nov. 2010, pp. 111–120. doi: 10.1109/ISSRE.2010.53.
[7] M. Guo and J. A. Wang, “An Ontology-based Approach to Model Common Vulnerabilities and Exposures in Information Security,” p. 10, 2009.
[8] Z. Li, L. Tan, X. Wang, S. Lu, Y. Zhou, and C. Zhai, “Have things changed now?: an empirical study of bug characteristics in modern open source software,” in Proceedings of the 1st workshop on Architectural and system support for improving software dependability - ASID ’06, San Jose, California, 2006, pp. 25–33. doi: 10.1145/1181309.1181314.
Statistics
0 Views | 0 Downloads
How to Cite
Singh, G. P., Bharti, V., & Hooda, M. K. (2022). An Analysis of Common Vulnerabilities and Exposures in View Of MITRE ATT&CK. Asian Journal For Convergence In Technology (AJCT) ISSN -2350-1146, 8(2), 15-17. https://doi.org/10.33130/AJCT.2022v08i02.004