Current Challenges of Cyber Threat and Vulnerability Identification Using Public Enumerations

Sadlek,  Lukáš; Čeleda,  Pavel; Tovarňák,  Daniel

Current Challenges of Cyber Threat and Vulnerability Identification Using Public Enumerations

Warning

This publication doesn't include Faculty of Arts. It includes Institute of Computer Science. Official publication website can be found on muni.cz.

Authors	SADLEK Lukáš ČELEDA Pavel TOVARŇÁK Daniel
Year of publication	2022
Type	Article in Proceedings
Conference	The 17th International Conference on Availability, Reliability and Security (ARES 2022)
MU Faculty or unit	Institute of Computer Science
Citation
Web	https://dl.acm.org/doi/10.1145/3538969.3544458
Doi	http://dx.doi.org/10.1145/3538969.3544458
Keywords	cyber threat intelligence; threat identification; vulnerability identification; CVE; CAPEC; MITRE ATT&CK
Attached files	2022_ARES_Current_Current_Challenges_of_Threat_Identification_presentation.pdf 2022_ARES_Current_Challenges_of_Threat_Identification_paper.pdf
Description	Identification of cyber threats is one of the essential tasks for security teams. Currently, cyber threats can be identified using knowledge organized into various formats, enumerations, and knowledge bases. This paper studies the current challenges of identifying vulnerabilities and threats in cyberspace using enumerations and data about assets. Although enumerations are used in practice, we point out several issues that still decrease the quality of vulnerability and threat identification. Since vulnerability identification methods are based on network monitoring and agents, the issues are related to the asset discovery, the precision of vulnerability discovery, and the amount of data. On the other hand, threat identification utilizes graph-based, nature-language, machine-learning, and ontological approaches. The current trend is to propose methods that utilize tactics, techniques, and procedures instead of low-level indicators of compromise to make cyber threat identification more mature. Cooperation between standards from threat, vulnerability, and asset management is also an unresolved issue confirmed by analyzing relationships between public enumerations and knowledge bases. Last, we studied the usability of techniques from the MITRE ATT&CK knowledge base for threat modeling using network monitoring to capture data. Although network traffic is not the most used data source, it allows the modeling of almost all tactics from the MITRE ATT&CK.
Related projects:	Cyber security cOmpeteNce fOr Research anD Innovation Aplikovaný výzkum na FI: Bezpečnost počítačových systémů, softwarových architektur kritických infrastruktur a zpracování rozsáhlých senzorových dat