Mapping Vulnerability Description to MITRE ATT&CK Framework by LLM

Mapping Vulnerability Description to MITRE ATT&CK Framework by LLM | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Research Article Mapping Vulnerability Description to MITRE ATT&CK Framework by LLM Pasha Rafiey, Amin Namadchian This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-4341401/v2 This work is licensed under a CC BY 4.0 License Status: Published Journal Publication published 17 Sep, 2025 Read the published version in Advances in Artificial Intelligence and Machine Learning → Version 2 posted You are reading this latest preprint version Show more versions Abstract As the number and complexity of cybersecurity threats continue to increase, security professionals must augment their knowledge by utilizing resources that provide insights into the attack patterns and techniques employed by attackers. This understanding allows them to better comprehend the potential impact of a vulnerability and prioritize the development of effective mitigation strategies within their organizations. The frequent emergence of CVEs and the impracticality of manually correlating them to MITRE ATT&CK techniques necessitate the use of automated methods. Dependence on automation methods like BERT can become prohibitively expensive and time-consuming. With the continuous emergence of new vulnerabilities and revisions to the ATT&CK framework, it is necessary to retrain the model to ensure precise mapping of these evolving patterns. To address this issue, our paper leverages LLMs to automate the mapping of CVE descriptions to MITRE ATT&CK techniques, offering a scalable and accurate alternative to traditional methods. By embedding detailed CVE and MITRE ATT&CK knowledge into the LLM, the model can more precisely identify and map vulnerabilities to specific attack techniques. The paper also explores innovative prompt design methods to enhance the LLM’s comprehension and output quality. This approach using general-purpose chatbots like GPT-3.5, GPT-4 o and OpenAI o1 yields similar results with lower costs and time, providing a cost-effective solution for CVE to ATT&CK mapping. large language model CVE MITRE ATT&CK Vulnerability fine-tuning GPT-3.5 GPT-4o OpenAI o1 Full Text Cite Share Download PDF Status: Published Journal Publication published 17 Sep, 2025 Read the published version in Advances in Artificial Intelligence and Machine Learning → Version 2 posted You are reading this latest preprint version Show more versions Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-4341401","acceptedTermsAndConditions":true,"allowDirectSubmit":true,"archivedVersions":[],"articleType":"Research Article","associatedPublications":[],"authors":[{"id":398434961,"identity":"9439fab0-cc51-11ef-91e4-06cc9d20a69f","order_by":0,"name":"Pasha Rafiey","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAA9klEQVRIiWNgGAWjYLCCCgMGBn4QI4HhDwMDDzFazgC1SDaAtRwjVgsQGxwAMw8T1mLOwPvww4ECGznj48evfXjAcEzenOcA44ePObi1WDawG0scMEgzNjuTUzwD6BfDnb0NzJIzt+HWYnD/GYP0B4PDidsO5CQzJP47xrjhPAMbMy8+LQfYmH8cMPhfv7n/TTLQ+4ftidHCBnTYgQQDifTDIC2JG8424Ndi2cDGZnHAINlwxo03zKBATt5w5mAzXr+YA11x48AfO3n+/vTHjD8Y/thuOJN88MNHfA5DMHlgbMYG3OpRtbA/wKtyFIyCUTAKRi4AAFoyVRpKzY48AAAAAElFTkSuQmCC","orcid":"","institution":"Agricultural Bank","correspondingAuthor":true,"prefix":"","firstName":"Pasha","middleName":"","lastName":"Rafiey","suffix":""},{"id":398435160,"identity":"c9b647fb-cc51-11ef-91e4-06cc9d20a69f","order_by":1,"name":"Amin Namadchian","email":"","orcid":"","institution":"Agricultural Bank","correspondingAuthor":false,"prefix":"","firstName":"Amin","middleName":"","lastName":"Namadchian","suffix":""}],"badges":[],"createdAt":"2024-04-29 08:35:30","currentVersionCode":2,"declarations":{"humanSubjects":false,"vertebrateSubjects":false,"conflictsOfInterestStatement":false,"humanSubjectEthicalGuidelines":false,"humanSubjectConsent":false,"humanSubjectClinicalTrial":false,"humanSubjectCaseReport":false,"vertebrateSubjectEthicalGuidelines":false},"doi":"10.21203/rs.3.rs-4341401/v2","doiUrl":"https://doi.org/10.21203/rs.3.rs-4341401/v2","draftVersion":[],"editorialEvents":[{"content":"https://doi.org/10.54364/AAIML.2025.53243","type":"published","date":"2025-09-18T00:00:00+00:00"}],"editorialNote":"","failedWorkflow":false,"files":[{"id":92869065,"identity":"8e3f05cd-b6ae-4eea-a266-5e7d2f41f9f3","added_by":"auto","created_at":"2025-10-06 13:40:19","extension":"pdf","order_by":1,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":417437,"visible":true,"origin":"","legend":"","description":"","filename":"snDiscoverAI.pdf","url":"https://assets-eu.researchsquare.com/files/rs-4341401/v2_covered_e7de9cc1-af41-4f3d-b1d6-b6279f3c3038.pdf"}],"financialInterests":"","formattedTitle":"Mapping Vulnerability Description to MITRE ATT\u0026amp;CK Framework by LLM","fulltext":[],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":false,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":false,"hideJournal":false,"highlight":"","institution":"","isAcceptedByJournal":true,"isAuthorSuppliedPdf":true,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":true,"isPdf":true,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true},"keywords":"large language model, CVE, MITRE ATT\u0026CK, Vulnerability, fine-tuning, GPT-3.5, GPT-4o, OpenAI o1","lastPublishedDoi":"10.21203/rs.3.rs-4341401/v2","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-4341401/v2","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"\u003cp\u003eAs the number and complexity of cybersecurity threats continue to increase, security professionals must augment their knowledge by utilizing resources that provide insights into the attack patterns and techniques employed by attackers. This understanding allows them to better comprehend the potential impact of a vulnerability and prioritize the development of effective mitigation strategies within their organizations. The frequent emergence of CVEs and the impracticality of manually correlating them to MITRE ATT\u0026amp;CK techniques necessitate the use of automated methods. Dependence on automation methods like BERT can become prohibitively expensive and time-consuming. With the continuous emergence of new vulnerabilities and revisions to the ATT\u0026amp;CK framework, it is necessary to retrain the model to ensure precise mapping of these evolving patterns. To address this issue, our paper leverages LLMs to automate the mapping of CVE descriptions to MITRE ATT\u0026amp;CK techniques, offering a scalable and accurate alternative to traditional methods. By embedding detailed CVE and MITRE ATT\u0026amp;CK knowledge into the LLM, the model can more precisely identify and map vulnerabilities to specific attack techniques. The paper also explores innovative prompt design methods to enhance the LLM’s comprehension and output quality. This approach using general-purpose chatbots like GPT-3.5, GPT-4 o and OpenAI o1 yields similar results with lower costs and time, providing a cost-effective solution for CVE to ATT\u0026amp;CK mapping.\u003c/p\u003e","manuscriptTitle":"Mapping Vulnerability Description to MITRE ATT\u0026amp;CK Framework by LLM","msid":"","msnumber":"","nonDraftVersions":[{"code":2,"date":"2025-01-06 17:18:12","doi":"10.21203/rs.3.rs-4341401/v2","editorialEvents":[{"type":"communityComments","content":0}],"status":"published","journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true}},{"code":1,"date":"2024-05-22 06:06:32","doi":"10.21203/rs.3.rs-4341401/v1","editorialEvents":[{"type":"communityComments","content":1}],"status":"published","journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true}}],"origin":"","ownerIdentity":"9e6fa913-6f2f-474f-9a5a-7fcfc20f1403","owner":[],"postedDate":"January 6th, 2025","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"published-in-journal","subjectAreas":[],"tags":[],"updatedAt":"2025-10-06T13:40:14+00:00","versionOfRecord":{"articleIdentity":"rs-4341401","link":"https://doi.org/10.54364/AAIML.2025.53243","journal":{"identity":"advances-in-artificial-intelligence-and-machine-learning","isVorOnly":true,"title":"Advances in Artificial Intelligence and Machine Learning"},"publishedOn":"2025-09-18 00:00:00","publishedOnDateReadable":"September 18th, 2025"},"versionCreatedAt":"2025-01-06 17:18:12","video":"","vorDoi":"10.54364/AAIML.2025.53243","vorDoiUrl":"https://doi.org/10.54364/AAIML.2025.53243","workflowStages":[]},"version":"v2","identity":"rs-4341401","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-4341401","identity":"rs-4341401","version":["v2"]},"buildId":"8U1c8b4HqxoKbykW_rLl7","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}