PulseAugur
EN
LIVE 03:13:52

New knowledge graph links software vulnerabilities to attack behaviors

Researchers have developed a new knowledge graph, CVE-TTP KG, designed to link software vulnerabilities with attacker tactics and techniques. This system aims to improve threat interpretation by connecting information from vulnerability databases like CVE and NVD with behavioral patterns from the MITRE ATT&CK framework. Transformer-based models, including CySecBERT, were employed for behavior identification, achieving high F1-scores for both techniques and tactics. The resulting Cyber Threat Knowledge Graph, built on Neo4j, enables structured visualization of these interconnected vulnerabilities. AI

IMPACT Enhances cybersecurity by providing structured insights into how software vulnerabilities can be exploited through specific attack tactics and techniques.

RANK_REASON The cluster contains an academic paper detailing a new knowledge graph and methodology for linking software vulnerabilities to attack behaviors.

Read on arXiv cs.AI →

AI-generated summary · Google Gemini · from 2 sources. How we write summaries →

New knowledge graph links software vulnerabilities to attack behaviors

COVERAGE [2]

  1. arXiv cs.AI TIER_1 English(EN) · Basant Agarwal, Dincy R. Arikkat, Swati Yadav, Serena Nicolazzo, Antonino Nocera, Vinod P ·

    CVE-TTP KG: Knowledge Graph Linking Software Vulnerabilities to Attack Behaviors

    arXiv:2606.31557v1 Announce Type: cross Abstract: In the evolving threat landscape, adversaries exploit software vulnerabilities to launch sophisticated attacks, challenging traditional defenses. Although databases like CVE and NVD provide detailed technical information, they oft…

  2. arXiv cs.AI TIER_1 English(EN) · Vinod P ·

    CVE-TTP KG: Knowledge Graph Linking Software Vulnerabilities to Attack Behaviors

    In the evolving threat landscape, adversaries exploit software vulnerabilities to launch sophisticated attacks, challenging traditional defenses. Although databases like CVE and NVD provide detailed technical information, they often lack links to attacker behaviors such as tactic…