An Analysis of Common Vulnerabilities and Exposures in View Of MITRE ATT&CK

Abstract

Due to the ever-increasing threat posed by cyber-attacks on important cyber infrastructure, companies are focusing on expanding the knowledge base on cyber security. The Universal Vulnerabilities and Exposures (CVE), that were a selection of vulnerabilities known as the Common Vulnerabilities and Exposures that may be discovered in a wide variety of applications and hardware and which are the most commonly exploited, are the most important things to know about security. They are troublesome, though, because many vulnerabilities do not have a mechanism of dealing with them, making it hard for an attacker to take use of them. ATT&CK, a well-known cyber security risk management methodology, provides mitigation solutions for a wide range of destructive tactics, according to the MITRE Corporation. In the National Vulnerability Database (NVD), there is a collection of security defects that have been publicly revealed, which is referred to as Common Vulnerabilities and Exposures (CVEs) (CVE). In this case various figure of CVE listings, however a few of missing crucial data, like as the type of vulnerability. during this article, our techniques for used Common Vulnerabilities and Exposures data interested in weakness classes by employing a naive Bayes classifier to categories the entries. To assess the classification capabilities of the approach, a set of testing data is gathered and analyzed.