Mapping Vulnerability Description to MITRE ATT&CK Framework by LLM

As the number and complexity of cybersecurity threats continue to increase, security professionals must augment their knowledge by utilizing resources that provide insights into the attack patterns and techniques employed by attackers. This understanding allows them to better comprehend the potential impact of a vulnerability and prioritize the development of effective mitigation strategies within their organizations. The frequent emergence of CVEs and the impracticality of manually correlating them to MITRE ATT&CK techniques necessitate the use of automated methods. Dependence on automation methods like BERT can become prohibitively expensive and time-consuming. With the continuous emergence of new vulnerabilities and revisions to the ATT&CK framework, it is necessary to retrain the model to ensure precise mapping of these evolving patterns. To address this issue, our paper leverages LLMs to automate the mapping of CVE descriptions to MITRE ATT&CK techniques, offering a scalable and accurate alternative to traditional methods. By embedding detailed CVE and MITRE ATT&CK knowledge into the LLM, the model can more precisely identify and map vulnerabilities to specific attack techniques. The paper also explores innovative prompt design methods to enhance the LLM’s comprehension and output quality. This approach using general-purpose chatbots like GPT-3.5, GPT-4 o and OpenAI o1 yields similar results with lower costs and time, providing a cost-effective solution for CVE to ATT&CK mapping.