Mapping Exploit Code on Paste Sites to the MITRE ATT&CK Framework: A Multi-label Transformer Approach

Jan 1, 2023 · Benjamin Ampel, Tala Vahedi, Sagar Samtani, Hsinchun Chen
Abstract
This paper presents a multi-label transformer approach for mapping exploit code found on paste sites to the MITRE ATT&CK framework. We develop a system that automatically classifies exploit code according to the standardized ATT&CK taxonomy, assigning each sample the set of techniques it uses.
Type: Publication
Venue: 2023 IEEE International Conference on Intelligence and Security Informatics (ISI)

Abstract

The MITRE ATT&CK framework has become a standard taxonomy for understanding cyber adversary behavior, but manually mapping exploit code to ATT&CK techniques is time-consuming and error-prone. This paper presents a multi-label transformer approach for automatically mapping exploit code found on paste sites to the MITRE ATT&CK framework.

Our research addresses the challenges of:

  • Automatic Classification: Mapping exploit code to appropriate ATT&CK techniques
  • Multi-label Learning: Handling multiple technique classifications per exploit
  • Transformer Architecture: Leveraging advanced NLP techniques for code analysis
  • Paste Site Analysis: Processing and analyzing code from various paste sites

The system demonstrates high accuracy in mapping exploit code to ATT&CK techniques and provides valuable intelligence for threat analysts.

Key Contributions

  1. Multi-label Transformer Framework: Novel approach for exploit code classification
  2. ATT&CK Mapping: Automatic mapping to standardized threat taxonomy
  3. Paste Site Integration: Analysis of code from various online sources
  4. Intelligence Generation: Valuable insights for threat analysts

Research Impact

This work advances the field of automated threat intelligence and provides practical tools for mapping exploit code to standardized threat frameworks.