VMTT&RP: Automated Vulnerability Mapping with MITRE ATT&CK TTs, AND Risk Prioritization

Vulnerability management remains a cornerstone of enterprise cybersecurity, but traditional approaches often fail to prioritize threats in alignment with real-world attacker behavior. This research proposes a novel automated system that uses deep learning to map publicly disclosed vulnerabilities (CVEs) to adversarial techniques defined in the MITRE ATT&CK framework. The model uses a combination of natural language embeddings and a multi-label deep neural network to predict potential attack techniques from CVE descriptions. Furthermore, it incorporates a risk prioritization mechanism that enhances decision-making beyond CVSS scores by considering behavioral threat context. Evaluation results demonstrate high prediction precision and acceptable recall, suggesting practical applicability for SOCs, threat hunters, and vulnerability analysts.