{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,26]],"date-time":"2026-03-26T17:21:00Z","timestamp":1774545660842,"version":"3.50.1"},"reference-count":48,"publisher":"MDPI AG","issue":"9","license":[{"start":{"date-parts":[[2022,8,31]],"date-time":"2022-08-31T00:00:00Z","timestamp":1661904000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100006595","name":"Romanian National Authority for Scientific Research and Innovation","doi-asserted-by":"publisher","award":["2PTE2020"],"award-info":[{"award-number":["2PTE2020"]}],"id":[{"id":"10.13039\/501100006595","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Algorithms"],"abstract":"Since cyber-attacks are ever-increasing in number, intensity, and variety, a strong need for a global, standardized cyber-security knowledge database has emerged as a means to prevent and fight cybercrime. Attempts already exist in this regard. The Common Vulnerabilities and Exposures (CVE) list documents numerous reported software and hardware vulnerabilities, thus building a community-based dictionary of existing threats. The MITRE ATT&CK Framework describes adversary behavior and offers mitigation strategies for each reported attack pattern. While extremely powerful on their own, the tremendous extra benefit gained when linking these tools cannot be overlooked. This paper introduces a dataset of 1813 CVEs annotated with all corresponding MITRE ATT&CK techniques and proposes models to automatically link a CVE to one or more techniques based on the text description from the CVE metadata. We establish a strong baseline that considers classical machine learning models and state-of-the-art pre-trained BERT-based language models while counteracting the highly imbalanced training set with data augmentation strategies based on the TextAttack framework. We obtain promising results, as the best model achieved an F1-score of 47.84%. In addition, we perform a qualitative analysis that uses Lime explanations to point out limitations and potential inconsistencies in CVE descriptions. Our model plays a critical role in finding kill chain scenarios inside complex infrastructures and enables the prioritization of CVE patching by the threat level. We publicly release our code together with the dataset of annotated CVEs.<\/jats:p>","DOI":"10.3390\/a15090314","type":"journal-article","created":{"date-parts":[[2022,8,31]],"date-time":"2022-08-31T23:53:21Z","timestamp":1661990001000},"page":"314","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":60,"title":["CVE2ATT&CK: BERT-Based Mapping of CVEs to MITRE ATT&CK Techniques"],"prefix":"10.3390","volume":"15","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8919-5718","authenticated-orcid":false,"given":"Octavian","family":"Grigorescu","sequence":"first","affiliation":[{"name":"Computer Science & Engineering Department, University Politehnica of Bucharest, 313 Splaiul Independentei, 060042 Bucharest, Romania"}]},{"given":"Andreea","family":"Nica","sequence":"additional","affiliation":[{"name":"Computer Science & Engineering Department, University Politehnica of Bucharest, 313 Splaiul Independentei, 060042 Bucharest, Romania"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4815-9227","authenticated-orcid":false,"given":"Mihai","family":"Dascalu","sequence":"additional","affiliation":[{"name":"Computer Science & Engineering Department, University Politehnica of Bucharest, 313 Splaiul Independentei, 060042 Bucharest, Romania"},{"name":"Academy of Romanian Scientists, Str. Ilfov, Nr. 3, 050044 Bucharest, Romania"}]},{"given":"Razvan","family":"Rughinis","sequence":"additional","affiliation":[{"name":"Computer Science & Engineering Department, University Politehnica of Bucharest, 313 Splaiul Independentei, 060042 Bucharest, Romania"},{"name":"Academy of Romanian Scientists, Str. Ilfov, Nr. 3, 050044 Bucharest, Romania"}]}],"member":"1968","published-online":{"date-parts":[[2022,8,31]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"8176","DOI":"10.1016\/j.egyr.2021.08.126","article-title":"A comprehensive review study of cyber-attacks and cyber security; Emerging trends and recent developments","volume":"7","author":"Li","year":"2021","journal-title":"Energy Rep."},{"key":"ref_2","first-page":"4","article-title":"Cyber Risks, the Growing Threat","volume":"2","author":"Dayalan","year":"2017","journal-title":"IJNRD-Int. J. Nov. Res. Dev."},{"key":"ref_3","unstructured":"Smith, Z.M., and Lostri, E. (2020). The Hidden Costs of Cybercrime, McAfee. Technical Report."},{"key":"ref_4","unstructured":"Fichtenkamm, M., Burch, G.F., and Burch, J. (2022, August 08). Cybersecurity in a COVID-19 World: Insights on How Decisions Are Made. Available online: https:\/\/www.isaca.org\/resources\/isaca-journal\/issues\/2022\/volume-2\/cybersecurity-in-a-covid-19-world."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"698","DOI":"10.1057\/s41288-022-00266-6","article-title":"Cyber risk and cybersecurity: A systematic review of data availability","volume":"47","author":"Cremer","year":"2022","journal-title":"Geneva Pap. Risk Insur. Issues Pract."},{"key":"ref_6","unstructured":"Martin, R., Christey, S., and Baker, D. (2002). A Progress Report on the CVE Initiative, The MITRE Corporation. Technical Report."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"S\u00f6nmez, F.\u00d6. (2021). Classifying Common Vulnerabilities and Exposures Database Using Text Mining and Graph Theoretical Analysis. Machine Intelligence and Big Data Analytics for Cybersecurity Applications, Springer.","DOI":"10.1007\/978-3-030-57024-8_14"},{"key":"ref_8","unstructured":"Strom, B.E., Applebaum, A., Miller, D.P., Nickels, K.C., Pennington, A.G., and Thomas, C.B. (2018). MITRE ATT&CK\u2122: Design and Philosophy, The MITRE Corporation. Technical Report."},{"key":"ref_9","unstructured":"Hemberg, E., Kelly, J., Shlapentokh-Rothman, M., Reinstadler, B., Xu, K., Rutar, N., and O\u2019Reilly, U.M. (2021). Linking threat tactics, techniques, and patterns with defensive weaknesses, vulnerabilities and affected platform configurations for cyber hunting. arXiv."},{"key":"ref_10","unstructured":"NVD (2022, August 08). NVD Dashboard, Available online: https:\/\/nvd.nist.gov\/general\/nvd-dashboard."},{"key":"ref_11","unstructured":"The Center for Threat-Informed Defense (2021). Mapping MITRE ATT&CK\u00ae to CVEs for Impact, The Center for Threat-Informed Defense."},{"key":"ref_12","unstructured":"Baker, J. (2022, August 08). CVE + MITRE ATT&CK to Understand Vulnerability Impact. Available online: https:\/\/medium.com\/mitre-engenuity\/cve-mitre-att-ck-to-understand-vulnerability-impact-c40165111bf7."},{"key":"ref_13","unstructured":"Roe, S. (2022, August 24). Using Mitre ATT&CK with threat intelligence to improve Vulnerability Management. Available online: https:\/\/outpost24.com\/blog\/Using-mitre-attack-with-threat-intelligence-to-improve-vulnerability-management."},{"key":"ref_14","unstructured":"Ampel, B., Samtani, S., Ullman, S., and Chen, H. (2021). Linking Common Vulnerabilities and Exposures to the MITRE ATT&CK Framework: A Self-Distillation Approach. arXiv."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Kuppa, A., Aouad, L., and Le-Khac, N.A. (2021, January 17\u201320). Linking CVE\u2019s to MITRE ATT&CK Techniques. Proceedings of the 16th International Conference on Availability, Reliability and Security, Vienna, Austria.","DOI":"10.1145\/3465481.3465758"},{"key":"ref_16","unstructured":"Github (2022, August 08). Threat Report ATT&CK Mapping (TRAM). Available online: https:\/\/github.com\/center-for-threat-informed-defense\/tram\/."},{"key":"ref_17","unstructured":"Yoder, S. (2022, August 08). Automating Mapping to ATT&CK: The Threat Report ATT&CK Mapper (TRAM) Tool. Available online: https:\/\/medium.com\/mitre-attack\/automating-mapping-to-attack-tram-1bb1b44bda76."},{"key":"ref_18","unstructured":"Ribeiro, M.T., Singh, S., and Guestrin, C. (2016). Model-agnostic interpretability of machine learning. arXiv."},{"key":"ref_19","unstructured":"Tagtog (2022, August 08). CVE2ATT&CK Dataset. Available online: https:\/\/www.tagtog.com\/readerbench\/MitreMatrix\/."},{"key":"ref_20","unstructured":"Github (2022, August 08). CVE2ATT&CK Repository. Available online: https:\/\/github.com\/readerbench\/CVE2ATT-CK."},{"key":"ref_21","unstructured":"(2022, August 24). Vulnerability Database. Available online: https:\/\/vuldb.com\/."},{"key":"ref_22","unstructured":"(2022, August 24). Exploit Database-Exploits for Penetration Testers, Researchers, and Ethical Hackers. Available online: https:\/\/www.exploit-db.com\/."},{"key":"ref_23","unstructured":"TagTog (2022, August 08). API Documentation v1. Available online: https:\/\/github.com\/tagtog\/tagtog-doc\/blob\/master\/API-projects-v1.md."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"429","DOI":"10.3233\/IDA-2002-6504","article-title":"The Class Imbalance Problem: A Systematic Study","volume":"6","author":"Japkowicz","year":"2002","journal-title":"Intell. Data Anal."},{"key":"ref_25","unstructured":"TextAttack (2022, August 08). Documentation Webpage. Available online: https:\/\/textattack.readthedocs.io\/en\/latest\/index.html."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Morris, J., Lifland, E., Yoo, J.Y., Grigsby, J., Jin, D., and Qi, Y. (2020, January 16\u201320). TextAttack: A Framework for Adversarial Attacks, Data Augmentation, and Adversarial Training in NLP. Proceedings of the 2020 Conference on Empirical Methods in Natural Language Processing: System Demonstrations, Online.","DOI":"10.18653\/v1\/2020.emnlp-demos.16"},{"key":"ref_27","unstructured":"TextAttack (2022, August 08). Augmentation Recipes. Available online: https:\/\/textattack.readthedocs.io\/en\/latest\/3recipes\/augmenter_recipes.html."},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Wei, J., and Zou, K. (2019, January 3\u20137). EDA: Easy Data Augmentation Techniques for Boosting Performance on Text Classification Tasks. Proceedings of the 2019 Conference on Empirical Methods in Natural Language Processing and the 9th International Joint Conference on Natural Language Processing (EMNLP-IJCNLP), Hong Kong, China.","DOI":"10.18653\/v1\/D19-1670"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Alazaidah, R., and Ahmad, F.K. (2016). Trending Challenges in Multi Label Classification. Int. J. Adv. Comput. Sci. Appl., 7.","DOI":"10.14569\/IJACSA.2016.071017"},{"key":"ref_30","unstructured":"spaCy (2022, August 08). spaCy 101: Everything You Need to Know. Available online: https:\/\/spacy.io\/usage\/spacy-101."},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Tsoumakas, G., Katakis, I., and Vlahavas, I. (2009). Mining multi-label data. Data Mining and Knowledge Discovery Handbook, Springer.","DOI":"10.1007\/978-0-387-09823-4_34"},{"key":"ref_32","first-page":"101","article-title":"In Defense of One-Vs-All Classification","volume":"5","author":"Rifkin","year":"2004","journal-title":"J. Mach. Learn. Res."},{"key":"ref_33","unstructured":"Tsoumakas, G., and Vlahavas, I. (2007, January 17\u201321). Random k-labelsets: An ensemble method for multilabel classification. Proceedings of the European Conference on Machine Learning, Warsaw, Poland."},{"key":"ref_34","first-page":"41","article-title":"An Empirical Study of the Na\u00efve Bayes Classifier","volume":"3","author":"Rish","year":"2001","journal-title":"IJCAI 2001 Work. Empir Methods Artif. Intell."},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"189","DOI":"10.1016\/j.neucom.2019.10.118","article-title":"A comprehensive survey on support vector machine classification: Applications, challenges and trends","volume":"408","author":"Cervantes","year":"2020","journal-title":"Neurocomputing"},{"key":"ref_36","unstructured":"Scikit (2022, August 08). Grid Search. Available online: https:\/\/scikit-learn.org\/stable\/modules\/generated\/sklearn.model_selection.GridSearchCV.html."},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"LeCun, Y., Haffner, P., Bottou, L., and Bengio, Y. (1999). Object recognition with gradient-based learning. Shape, Contour and Grouping in Computer Vision, Springer.","DOI":"10.1007\/3-540-46805-6_19"},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Yih, W.T., He, X., and Meek, C. (2014, January 23\u201325). Semantic parsing for single-relation question answering. Proceedings of the 52nd Annual Meeting of the Association for Computational Linguistics, Baltimore, MD, USA.","DOI":"10.3115\/v1\/P14-2105"},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Kalchbrenner, N., Grefenstette, E., and Blunsom, P. (2014, January 23\u201325). A Convolutional Neural Network for Modelling Sentences. Proceedings of the 52nd Annual Meeting of the Association for Computational Linguistics, Baltimore, MD, USA.","DOI":"10.3115\/v1\/P14-1062"},{"key":"ref_40","unstructured":"Github (2022, August 08). Word Representation for Cyber Security Vulnerability Domain. Available online: https:\/\/github.com\/unsw-cse-soc\/Vul_Word2Vec."},{"key":"ref_41","unstructured":"Devlin, J., Chang, M.W., Lee, K., and Toutanova, K. (2019, January 2\u20137). BERT: Pre-training of Deep Bidirectional Transformers for Language Understanding. Proceedings of the 2019 Conference of the North American Chapter of the Association for Computational Linguistics, Minneapolis, MN, USA."},{"key":"ref_42","doi-asserted-by":"crossref","unstructured":"Beltagy, I., Lo, K., and Cohan, A. (2019, January 3\u20137). SciBERT: A Pretrained Language Model for Scientific Text. Proceedings of the 2019 Conference on Empirical Methods in Natural Language Processing and the 9th International Joint Conference on Natural Language Processing (EMNLP-IJCNLP), Hong Kong, China.","DOI":"10.18653\/v1\/D19-1371"},{"key":"ref_43","unstructured":"Huggingface (2022, August 08). SecBERT Model. Available online: https:\/\/huggingface.co\/jackaduma\/SecBERT."},{"key":"ref_44","unstructured":"Pytorch (2022, August 08). BCE with Logit Loss. Available online: https:\/\/pytorch.org\/docs\/stable\/generated\/torch.nn.BCEWithLogitsLoss.html."},{"key":"ref_45","unstructured":"Dong, Y., Guo, W., Chen, Y., Xing, X., Zhang, Y., and Wang, G. (2019, January 14\u201316). Towards the Detection of Inconsistencies in Public Security Vulnerability Reports. Proceedings of the 28th USENIX Security Symposium (USENIX Security 19), Santa Clara, CA, USA."},{"key":"ref_46","first-page":"1","article-title":"Generalizing from a few examples: A survey on few-shot learning","volume":"53","author":"Wang","year":"2020","journal-title":"ACM Comput. Surv. (csur)"},{"key":"ref_47","doi-asserted-by":"crossref","first-page":"124201","DOI":"10.1088\/1361-6633\/ac36b9","article-title":"The LHC olympics 2020: A community challenge for anomaly detection in high energy physics","volume":"84","author":"Kasieczka","year":"2021","journal-title":"Rep. Prog. Phys."},{"key":"ref_48","unstructured":"MITRE (2022, August 08). Common Weakness Enumeration Webpage. Available online: https:\/\/cwe.mitre.org\/."}],"container-title":["Algorithms"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-4893\/15\/9\/314\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T00:21:20Z","timestamp":1760142080000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-4893\/15\/9\/314"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,8,31]]},"references-count":48,"journal-issue":{"issue":"9","published-online":{"date-parts":[[2022,9]]}},"alternative-id":["a15090314"],"URL":"https:\/\/doi.org\/10.3390\/a15090314","relation":{},"ISSN":["1999-4893"],"issn-type":[{"value":"1999-4893","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,8,31]]}}}