capec
The Common Attack Pattern Enumeration and Classification (CAPEC) effort is a publicly available, community-developed list of common attack patterns along with a comprehensive schema and classification taxonomy. Each attack pattern captures knowledge about how specific parts of an attack are designed and executed, providing the attacker's perspective on the problem and the solution, and gives guidance on ways to mitigate the attack's effectiveness.
The author looked at 453 documented attack patterns and enumerated the associated severity, likelihood of exploit and attacker skill required as documented by CAPEC, eventually identifying 27 attack patterns.
More information at http://capec.mitre.org/data/index.html#downloads
The CAPEC Database
The Computer-Aided Process Engineering Center (CAPEC) database of measured data was established with the aim of promoting greater data exchange in the chemical engineering community. The target properties are pure component properties, mixture properties, and special drug solubility data. The database divides pure component properties into primary, secondary, and functional properties. Mixture properties are categorized in terms of the number of components in the mixture and the number of phases present. The compounds in the database have been classified on the basis of the functional groups in the compound. This classification makes the CAPEC database a very useful tool, for example, in the development of new property models, since properties of chemically similar compounds are easily obtained. A program with efficient search and retrieval functions for properties has been developed.
Tracing CVE Vulnerability Information to CAPEC Attack Patterns Using Natural Language Processing Techniques
For effective vulnerability management, vulnerability and attack information must be collected quickly and efficiently. A security knowledge repository can collect such information. The Common Vulnerabilities and Exposures (CVE) provides known vulnerabilities of products, while the Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of common attributes and approaches employed by adversaries to exploit known weaknesses. Because the information in these two repositories is not linked, identifying related CAPEC attack information from CVE vulnerability information is challenging. Currently, the related CAPEC-ID can be traced from the CVE-ID using the Common Weakness Enumeration (CWE) in some but not all cases. Here, we propose a method to automatically trace the related CAPEC-IDs from a CVE-ID using three similarity measures: TF–IDF, Universal Sentence Encoder (USE), and Sentence-BERT (SBERT). We prepared and used 58 CVE-IDs as test input data. Then, we tested whether we could trace the CAPEC-IDs related to each of the 58 CVE-IDs. Additionally, we experimentally confirm that TF–IDF is the best similarity measure, as it traced 48 of the 58 CVE-IDs to the related CAPEC-ID.
Assessing the Security Posture of OpenEMR Using CAPEC Attack Patterns
Attack patterns describe the common methods of exploiting software. Good software engineering practices and principles alone are not enough to produce secure software. It is also important to know how software is attacked and to guard against it. Knowledge of attack patterns provides a good perspective of an attacker, thus enabling developers and testers to build secure software. The CAPEC list is a taxonomy of attack patterns which we believe can enhance security testing. This research seeks to assess the security posture of OpenEMR 4.1.1, an open source Electronic Medical Record (EMR) system, based on CAPEC attack patterns. Five categories of CAPEC attack patterns were analyzed to find their relevance and applicability to OpenEMR. Whereas inapplicable attack patterns were not further considered, applicable attack patterns were further tested to assess OpenEMR's vulnerability to them. Various security testing tools were used to carry out the tests. Attack patterns helped to focus black-box and white-box testing procedures on what and where to test. OpenEMR was found to be vulnerable to a number of weaknesses, such as cross-site scripting, authentication bypass, and session sidejacking, among others. A number of exploitations were carried out based on the vulnerabilities discovered.
Tracing CAPEC Attack Patterns from CVE Vulnerability Information Using Natural Language Processing Techniques
To effectively respond to vulnerabilities, information must not only be collected efficiently and quickly, but the vulnerability and the attack techniques must also be understood. A security knowledge repository can collect such information. The Common Vulnerabilities and Exposures (CVE) provides known vulnerabilities of products, while the Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit known weaknesses. Because the information in these two repositories is not directly related, identifying the related CAPEC attack information from the CVE vulnerability information is challenging. One proposed method traces some related CAPEC-IDs from a CVE-ID through the Common Weakness Enumeration (CWE). However, it is not applicable to all patterns. Here, we propose a method to automatically trace the related CAPEC-IDs from a CVE-ID using TF-IDF and Doc2Vec. Additionally, we experimentally confirm that TF-IDF is more accurate than Doc2Vec.
A Hierarchical Approach for Usable and Consistent CAPEC-based Attack Patterns
The inability to gather, analyze and share various aspects of an attack has made it difficult to effectively counter real-world information system attacks. The lack of a formally defined vocabulary which can express an "attacker's perspective" makes collaboration in academic research difficult. These problems lead to significant confusion among security managers and decision makers who are constantly bombarded by the media and security vendors attempting to describe or prevent the latest attack (Hoglund & McGraw, 2004). The Common Attack Pattern Enumeration Classification (CAPEC) Release 1 Dictionary defines attack patterns as a formalized representation of a computer attacker's tools, methodologies, and perspective (capec.mitre.org, 2007). CAPEC provides a formal definition of each attack by providing descriptive textual fields. These fields, defined as elements, provide explicit details for each identified attack pattern. The current CAPEC release includes a list of 101 specific information system attacks. Each attack pattern may include up to 30 elements to describe attack details. While CAPEC has addressed the need to create a standard for representing and defining attacks from an attacker's perspective, issues pertaining to usability and consistency exist. The goal of this research is to further refine and extend the CAPEC framework in order to provide usability and consistency. Issues of usability arise when CAPEC adopters attempt to leverage the Release 1 dictionary because of the sheer amount of information presented (Engebretson, Pauli, & Streff, 2008). Furthermore, while the details of each attack pattern are extremely valuable, CAPEC does not provide a consistent level of documentation for each element across the 101 attack patterns. Our approach includes three distinct processes to take the vast repository of CAPEC information and create a usable and consistent model for leveraging attack pattern details in system security configurations.
Process one creates a framework of general parent mitigations for each attack pattern. Parent mitigations are abstracted directly from the "solutions and mitigation" element in CAPEC and add the appropriate National Institute of Standards and Technology (NIST) based Parent Mitigation element (Engebretson et al., 2008). These solutions and mitigations improve the resistance of the target software and reduce the likelihood of the attack's success. They also improve the resilience of the target software and reduce the impact of the attack if it is successful. Process two re-includes a Parent level Threat as an attack pattern element. The Parent Threat element places all 101 of the attack patterns into context without having to manually interact with both the full Release 1 dictionary and the CAPEC Classification Tree, thus ridding our approach of this manual research. We also use the Parent Threat element to provide structure in our hierarchy-based graphical models. Textual attack descriptions for viewing attack patterns are created to provide additional details about each attack pattern in a consistent manner. Process three creates two security metrics, Knock-Out Effect (KOE) and Parent Mitigation Power (PMP), to provide usability to CAPEC. The addition of security metrics to our approach allows adopters to quickly and accurately leverage the vast amount of information provided by the CAPEC standard from both the individual attack pattern and parent mitigation perspectives. The result of this dissertation is an approach for increasing the usability and consistency of the CAPEC standard. The use of a taxonomy for cataloging and organizing attacks can increase awareness and communication about attacks as well as provide a framework for collecting consistent data about each attack (Hansman & Hunt, 2005). Process one abstracts nearly 400 unique mitigation strategies into one of 17 commonly accepted Parent Mitigations.
Process two re-includes the "Parent Threat" element into the dictionary to provide consistency and context to each attack pattern. Graphical hierarchies and textual attack descriptions are created to provide CAPEC with visual and textual representations of each attack without overwhelming the user. The introduction of a defined hierarchy between descriptive elements assists with learning and processing attack patterns. The significance of this process is a much clearer and less convoluted picture of the attack, resulting in a more usable and appropriate element set. Process three creates security metrics derived from the defined mitigation strategies, producing a measurable numeric value which allows security personnel to make more informed security decisions, play out what-if security scenarios, and quickly analyze the cost-benefit of mitigation strategies.
Using CAPEC Attack Patterns for Developing Abuse Cases
To engineer secure software, it is imperative to understand attackers' perspectives and approaches. This information has been captured by attack patterns. The Common Attack Patterns Enumeration Classification (CAPEC) repository hosts over 450 attack patterns that contain information about how attacks have been launched against software. Research has indicated that attack patterns can be utilized for developing secure software; however, there exists no systematic methodology to address this concern. This research proposes a methodology for utilizing CAPEC attack patterns for developing abuse cases at the requirements stage of the secure software development lifecycle (SDLC). In previous research, a tool for retrieving attack patterns (TrAP) was developed to retrieve CAPEC attack patterns according to Microsoft STRIDE threat categories. This tool also features a search function using keywords. The proposed methodology starts with a set of initial abuse cases developed through brainstorming. The Microsoft SDL threat modelling tool is then used to identify and rank possible security threats in the system. The SDL tool generates a series of questions for each threat, and these questions are used to extract keywords that serve as input to the TrAP tool to retrieve attack patterns relevant to the abuse cases. Keywords can also be system prerequisites or any technology being implemented in the system. From the list of retrieved attack patterns, the most relevant attack patterns are selected and used to extend the initial abuse cases. New abuse cases can also be discovered through this process.
A new multi-label dataset for Web attacks CAPEC classification using machine learning techniques
Context: There are many datasets for training and evaluating models to detect web attacks, labeling each request as normal or attack. Web attack protection tools must also provide additional information on the type of attack detected, in a clear and simple way. Objectives: This paper presents a new multi-label dataset for classifying web attacks based on the CAPEC classification, a new way of extracting features based on ASCII values, and the evaluation of several combinations of models and algorithms. Methods: Using a new way to extract features by computing the average of the sum of the ASCII values of the characters in each field that composes a web request, several combinations of algorithms (LightGBM and CatBoost) and multi-label classification models are evaluated, to provide a complete CAPEC classification of the web attacks that a system is suffering. The training and test data used for training and evaluating the models come from the new SR-BH 2020 multi-label dataset. Results: Calculating the average of the sum of the ASCII values of the different characters that make up a web request shows its usefulness for numeric encoding and feature extraction. The new SR-BH 2020 multi-label dataset allows the training and evaluation of multi-label classification models, also allowing the CAPEC classification of the various attacks that a web system is undergoing. The combination of the two-phase model with the MultiOutputClassifier module of the scikit-learn library, together with the CatBoost algorithm, shows its superiority in classifying attacks in the different criticality scenarios. Conclusion: Experimental results indicate that the combination of machine learning algorithms and multi-phase models leads to improved prediction of web attacks. Also, the use of a multi-label dataset is suitable for training learning models that provide information about the type of attack. (c) 2022 The Author(s). Published by Elsevier Ltd.
This is an open access article under the CC BY license (http://creativecommons.org/licenses/by/4.0/).
Using Topic Modeling and LLMs to Recommend CAPEC Attack Patterns: A Comparative Study
As technology becomes more prominent today, the need for cybersecurity increases. Software developers must develop secure software systems. Common Attack Pattern Enumeration and Classification (CAPEC) is a community resource developed by the U.S. Department of Homeland Security as part of the Software Assurance strategic initiative of the Office of Cybersecurity and Communications. The CAPEC repository provides a collection of over 500 attack patterns, which contain information on software vulnerabilities and how they can be exploited using the given attack pattern. With the repository containing so much information, it can be challenging for software developers to identify which attack pattern is most relevant to their project. This project compares three methodologies for recommending relevant attack patterns: topic modeling, text embedding with OpenAI's GPT-4o-mini model, and prompting with the same model. These methods are evaluated based on the relevance of the recommended attack patterns to the software requirement specification (SRS) project being tested, using the CAPEC description and the prerequisites for each attack as criteria. A publicly available SRS will be used to evaluate these three methods. The results showed that the prompting method was the best-performing method for recommending attack patterns.
