BRON – Linking Attack Tactics, Techniques, and Patterns with Defensive Weaknesses, Vulnerabilities and Affected Platform Configurations

10/01/2020
by   Erik Hemberg, et al.
0

Many public sources of cyber threat and vulnerability information exist to serve the defense of cyber systems. This paper proposes BRON which is a composite of MITRE's ATT CK MATRIX, NIST's Common Weakness Enumerations (CWE), Common Vulnerabilities and Exposures (CVE), and Common Attack Pattern Enumeration and Classification, CAPEC. BRON preserves all entries and relations while enabling bi-directional, relational path tracing. It exploits attack patterns to trace between the objectives and means of attacks to the vulnerabilities and affected software and hardware configurations they target. We inventory and analyze BRON's sources to gauge any gap between information on attacks and information on attack targets. We also analyze BRON for information that is a by-product of its mission.

READ FULL TEXT

page 6

page 8

page 11

page 12

research
12/28/2021

Common Privacy Weaknesses and Vulnerabilities in Software Applications

In this digital era, our privacy is under constant threat as our persona...
research
09/06/2023

CVE-driven Attack Technique Prediction with Semantic Information Extraction and a Domain-specific Language Model

This paper addresses a critical challenge in cybersecurity: the gap betw...
research
03/26/2021

A Survey of Microarchitectural Side-channel Vulnerabilities, Attacks and Defenses in Cryptography

Side-channel attacks have become a severe threat to the confidentiality ...
research
08/03/2021

Linking Common Vulnerabilities and Exposures to the MITRE ATT CK Framework: A Self-Distillation Approach

Due to the ever-increasing threat of cyber-attacks to critical cyber inf...
research
12/09/2018

Fishy Cyber Attack Detection in Industrial Control Systems

Cyber attacks have become serious threats to Industrial Control systems ...
research
06/01/2023

ExTRUST: Reducing Exploit Stockpiles with a Privacy-Preserving Depletion System for Inter-State Relationships

Cyberspace is a fragile construct threatened by malicious cyber operatio...
research
07/15/2020

Data Sampling on MDS-resistant 10th Generation Intel Core (Ice Lake)

Microarchitectural Data Sampling (MDS) is a set of hardware vulnerabilit...

Please sign up or login with your details

Forgot password? Click here to reset