Venue: IEEE Security and Privacy Workshops

Machine Learning Based Approach for the Automated Mapping of Discovered Vulnerabilities to Adversial Tactics

Abstract

To defend networks against security attacks, cyber defenders have to identify vulnerabilities that could be exploited by an attacker and fix them. However, vulnerabilities are constantly evolving and their number is rising. In addition, the resources required (i.e., time and cost) to patch all the identified vulnerabilities and update the affected assets are not always affordable. For these reasons, the defender needs to have a set of metrics that could be used to automatically map newly discovered vulnerabilities to potential attack tactics. Using such a mapping to attack tactics will allow security solutions to better respond inline to any vulnerability exploitation attempts, by selecting and prioritizing a suitable response strategy. In this work, we provide a multilabel classification approach to automatically map a detected vulnerability to the MITRE Adversarial Tactics that could be used by the attacker. The proposed approach will help cyber defenders to prioritize their defense strategies, ensure a rapid and efficient investigation process, and manage newly detected vulnerabilities well. We evaluate a set of machine learning algorithms (BinaryRelevance, LabelPowerset, ClassifierChains, MLKNN, BRKNN, RAkELd, NLSP, and Neural Networks) and find that ClassifierChains with a RandomForest classifier is the best method in our experiment.