{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,29]],"date-time":"2026-05-29T20:04:56Z","timestamp":1780085096919,"version":"3.54.0"},"reference-count":38,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0\/"}],"funder":[{"name":"Institute of Information and Communications Technology Planning and Evaluation (IITP)-Information Technology Research Center (ITRC) grant funded by Korean Government","award":["IITP-2025-RS-2023-00259967"],"award-info":[{"award-number":["IITP-2025-RS-2023-00259967"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2026]]},"DOI":"10.1109\/access.2026.3694323","type":"journal-article","created":{"date-parts":[[2026,5,18]],"date-time":"2026-05-18T19:47:23Z","timestamp":1779133643000},"page":"78362-78375","source":"Crossref","is-referenced-by-count":0,"title":["Automated Cloud Risk Scoring via End-to-End CVE-ATT&amp;CK Mapping and Flow Reconstruction"],"prefix":"10.1109","volume":"14","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-8893-375X","authenticated-orcid":false,"given":"Millati","family":"Pratiwi","sequence":"first","affiliation":[{"name":"School of Computer Science and Engineering, Pusan National University, Busan, South Korea"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-7809-5686","authenticated-orcid":false,"given":"Jaeyoung","family":"Jeong","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, Pusan National University, Busan, South Korea"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Seunghyuk","family":"Kim","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, Pusan National University, Busan, South Korea"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3556-5082","authenticated-orcid":false,"given":"Yoon-Ho","family":"Choi","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, Pusan National University, Busan, South Korea"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref1","first-page":"243","article-title":"SMET: Semantic mapping of CVE to Att&CK and its application to cyber security","volume-title":"Proc. IFIP Int. Conf. Data Appl. Secur. Privacy (DBSEC)","author":"Abdeen"},{"key":"ref2","volume-title":"NIST Risk Management Framework (RMF)","year":"2016"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.6028\/nist.sp.800-53r5"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.6028\/nist.sp.800-30r1"},{"key":"ref5","volume-title":"Mitrwe ATT&CK","year":"2021"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/3465481.3465758"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-87839-9_3"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.3390\/a15090314"},{"key":"ref9","first-page":"3724","article-title":"Not the end of story: An evaluation of ChatGPT-driven vulnerability description mappings","volume-title":"Proc. Findings Assoc. Comput. Linguistics: ACL","author":"Liu"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.48550\/ARXIV.1907.11692"},{"key":"ref11","volume-title":"Known Exploited Vulnerabilities Mappings Explorer. Version 07.28.2025; ATT&CK v16.1","year":"2025"},{"key":"ref12","article-title":"Linking threat tactics, techniques, and patterns with defensive weaknesses, vulnerabilities and affected platform configurations for cyber hunting","author":"Hemberg","year":"2021","journal-title":"arXiv:2010.00533"},{"key":"ref13","volume-title":"CVE2CAPEC: Automated Mapping between CVE and CAPEC","year":"2024"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2016.12.008"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1057\/s41288-018-0078-3"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.3390\/info10070242"},{"key":"ref17","first-page":"53","article-title":"Automatic mapping of vulnerability information to adversary techniques","volume-title":"Proc. SECURWARE 14th Int. Conf. Emerg. Secur. Inf., Syst. Technol.","author":"Mendsaikhan"},{"key":"ref18","article-title":"Linking common vulnerabilities and exposures to the mitre att&ck framework: A self-distillation approach","volume-title":"Proc. ACM Cyber Secur. Privacy Conf.","author":"Ampel"},{"key":"ref19","first-page":"49","article-title":"Semantic ranking for automated adversarial technique annotation in security text","volume-title":"Proc. 19th ACM Asia Conf. Comput. Commun. Secur.","author":"Kumarasinghe"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/SEAA64295.2024.00069"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.3390\/math12091286"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/GLOBECOM52923.2024.10900988"},{"key":"ref23","article-title":"A survey of large language models","author":"Zhao","year":"2023","journal-title":"arXiv:2303.18223"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.52202\/068431-1800"},{"key":"ref25","article-title":"The Llama 3 herd of models","author":"Grattafiori","year":"2024","journal-title":"arXiv:2407.21783"},{"issue":"2","key":"ref26","first-page":"3","article-title":"LoRa: Low-rank adaptation of large language models","volume-title":"Proc. ICLR","volume":"1","author":"Hu"},{"key":"ref27","first-page":"5776","article-title":"MiniLM: Deep self-attention distillation for task-agnostic compression of pre-trained transformers","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","author":"Wang"},{"key":"ref28","article-title":"UMAP: Uniform manifold approximation and projection for dimension reduction","author":"McInnes","year":"2018","journal-title":"arXiv:1802.03426"},{"key":"ref29","volume-title":"Metasploit Framework","year":"2022"},{"key":"ref30","volume-title":"Exploit Database","year":"2026"},{"key":"ref31","article-title":"Attack techniques and threat identification for vulnerabilities","author":"Adam","year":"2022","journal-title":"arXiv:2206.11171"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/ISI58743.2023.10297272"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/ICCP51029.2020.9266234"},{"key":"ref34","article-title":"BERTScore: Evaluating text generation with BERT","author":"Zhang","year":"2019","journal-title":"arXiv:1904.09675"},{"key":"ref35","article-title":"Gemma 3 technical report","volume-title":"arXiv:2503.19786","author":"Team","year":"2025"},{"key":"ref36","volume-title":"Unsloth","author":"Han","year":"2023"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/IRI54793.2022.00045"},{"key":"ref38","article-title":"Generating informative CVE description from ExploitDB posts by extractive summarization","author":"Sun","year":"2021","journal-title":"arXiv:2101.01431"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/6287639\/11323511\/11523001.pdf?arnumber=11523001","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,5,29]],"date-time":"2026-05-29T19:57:40Z","timestamp":1780084660000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11523001\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"references-count":38,"URL":"https:\/\/doi.org\/10.1109\/access.2026.3694323","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]}}}