Authors: Dmitry Levshun and Dmitry Vesnin

Affiliation: St. Petersburg Federal Research Center of the Russian Academy of Sciences, 39, 14th Line V.O., St. Petersburg, 199178, Russia

Keyword(s): Vulnerability Prediction, Vulnerability Categorization, Attack Graph, CPE, CVE, CVSS, BERT.

Abstract: Attack graphs have long been a popular method for modelling multistep attacks. They are useful for assessing the likelihood of network hosts being compromised and identifying attack paths with the highest probability and impact. Typically, this analysis relies on information about vulnerabilities from open databases. However, many devices are not included in these databases, making it impossible to utilize information about their vulnerabilities. To address this challenge, we are exploring different modifications of BERT for predicting vulnerability categories in device configurations. Our goal is to predict vulnerability categories in new versions of vulnerable systems or systems with configurations close to vulnerable ones. In this work, each device configuration is represented as a list of Common Platform Enumeration descriptions. We categorized vulnerabilities into 24 groups based on their access vector, initial access, and obtained access rights, metrics derived from the Common Vulnerabilities and Exposures within the Common Vulnerability Scoring System. During the experiments, we initially compared the performance of BERT, RoBERTa, XLM-RoBERTa, and DeBERTa-v3. Following this comparison, we used hyperparameter optimization for the model with the best performance in each metric prediction. Based on those predictions, we evaluated the performance of their combination in predicting vulnerability categories.

CC BY-NC-ND 4.0

Paper citation in several formats:
Levshun, D. and Vesnin, D. (2024). Exploring BERT for Predicting Vulnerability Categories in Device Configurations. In Proceedings of the 10th International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-683-5; ISSN 2184-4356, SciTePress, pages 452-461. DOI: 10.5220/0012471800003648

@conference{icissp24,
author={Dmitry Levshun and Dmitry Vesnin},
title={Exploring BERT for Predicting Vulnerability Categories in Device Configurations},
booktitle={Proceedings of the 10th International Conference on Information Systems Security and Privacy - ICISSP},
year={2024},
pages={452-461},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012471800003648},
isbn={978-989-758-683-5},
issn={2184-4356},
}

TY - CONF

JO - Proceedings of the 10th International Conference on Information Systems Security and Privacy - ICISSP
TI - Exploring BERT for Predicting Vulnerability Categories in Device Configurations
SN - 978-989-758-683-5
IS - 2184-4356
AU - Levshun, D.
AU - Vesnin, D.
PY - 2024
SP - 452
EP - 461
DO - 10.5220/0012471800003648
PB - SciTePress