SECURWARE 2025, The Nineteenth International Conference on Emerging Security Information, Systems and Technologies
Threat-Based Vulnerability Management: Mapping CVEs to the MITRE ATT&CK Framework
Authors:
Logan McMahon
Oluwafemi Olukoya
Keywords: MITRE ATT&CK; CVE; Vulnerability; Machine Learning; Data Augmentation; Threat Intelligence.
Abstract:
Mapping Common Vulnerabilities and Exposures (CVEs) to the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework plays a crucial role in cybersecurity, particularly in threat mitigation and risk management. Accurate and automated CVE-to-ATT&CK mapping enables defenders to better assess the risks posed by emerging vulnerabilities. Prior work has relied primarily on CVE descriptions to establish links to relevant tactics and techniques. However, these approaches struggle when descriptions are incomplete or poorly written. This research proposes that enriching CVE descriptions with extended features, such as exploitability scores, software weaknesses, system and software identifiers, attack patterns, and classification data, substantially improves mapping accuracy. In unsupervised evaluations, this enrichment increased correct mappings by 42% to 66.7% and reduced misclassifications by 6%. In supervised experiments, the proposed SecRoBERTa model significantly outperformed prior work. While baseline models achieved a weighted F1 score of 78.88%, the fully extended and Optuna-tuned version reached 93.47%, marking a 14.6% improvement. These results demonstrate the effectiveness of combining structured feature enrichment with hyperparameter optimization to enhance the accuracy and reliability of CVE-to-ATT&CK mappings.
Pages: 6 to 13
Copyright: Copyright (c) IARIA, 2025
Publication date: October 26, 2025
Published in: conference
ISSN: 2162-2116
ISBN: 978-1-68558-306-4
Location: Barcelona, Spain
Dates: from October 26, 2025 to October 30, 2025