% Conference paper (NLPAICS 2024, pages 32--41): a labeled dataset mapping CVEs
% to MITRE ATT&CK techniques and tactics, based on the labeling provided by NIST.
% NOTE(review): the url field points at a preview.aclanthology.org build
% (path "fix-sig-urls"), which looks like a non-canonical preview host.
% Confirm the permanent Anthology address before citing or fetching from it.
@inproceedings{simonetto-bosch-2024-comprehensive,
  author    = {Simonetto, Stefano and
               Bosch, Peter},
  title     = {Comprehensive threat analysis and systematic mapping of {CVE}s to {MITRE} framework},
  editor    = {Mitkov, Ruslan and
               Ezzini, Saad and
               Ranasinghe, Tharindu and
               Ezeani, Ignatius and
               Khallaf, Nouran and
               Acarturk, Cengiz and
               Bradbury, Matthew and
               El-Haj, Mo and
               Rayson, Paul},
  booktitle = {Proceedings of the First International Conference on Natural Language Processing and Artificial Intelligence for Cyber Security},
  month     = jul,
  year      = {2024},
  address   = {Lancaster, UK},
  publisher = {International Conference on Natural Language Processing and Artificial Intelligence for Cyber Security},
  pages     = {32--41},
  url       = {https://preview.aclanthology.org/fix-sig-urls/2024.nlpaics-1.4/},
  abstract  = {This research addresses the significance of threat intelligence by presenting a practical approach to generate a labeled dataset for mapping CVEs to MITRE. By linking Common Vulnerabilities and Exposures (CVEs) with the MITRE ATT{\&}CK framework, the paper outlines a scheme that integrates the extensive CVE database with the techniques and tactics of the ATT{\&}CK knowledge base. The core contribution lies in a detailed methodology designed to map CVEs onto corresponding ATT{\&}CK techniques and, in turn, to tactics through a data-driven perspective, centering specifically on the labeling provided by NIST. This procedure enhances our understanding of cybersecurity threats and yields a structured, labeled dataset essential for practical threat analysis. It facilitates and improves the recognition and categorization of cybersecurity threats. Furthermore, the paper analyses the dataset in the context of cyber-threat intelligence. It highlights how vulnerability understanding and awareness have improved over the years through the continuous effort to place vulnerabilities in the context of an attack by linking it to abstract techniques. The dataset allows for a comprehensive cyber attack stage and kill-chain analysis. It serves as a training resource for algorithm development in various use cases, such as threat detection and large language model fine-tuning.},
}
Markdown (Informal)
[Comprehensive threat analysis and systematic mapping of CVEs to MITRE framework](https://preview.aclanthology.org/fix-sig-urls/2024.nlpaics-1.4/) (Simonetto & Bosch, NLPAICS 2024)
ACL