{"id":"https://openalex.org/W4394692031","doi":"https://doi.org/10.3390/info15040214","title":"Automated Mapping of Common Vulnerabilities and Exposures to MITRE ATT&amp;CK Tactics","display_name":"Automated Mapping of Common Vulnerabilities and Exposures to MITRE ATT&amp;CK Tactics","publication_year":2024,"publication_date":"2024-04-10","ids":{"openalex":"https://openalex.org/W4394692031","doi":"https://doi.org/10.3390/info15040214"},"language":"en","primary_location":{"id":"doi:10.3390/info15040214","is_oa":true,"landing_page_url":"https://doi.org/10.3390/info15040214","pdf_url":"https://www.mdpi.com/2078-2489/15/4/214/pdf?version=1712734456","source":{"id":"https://openalex.org/S4210219776","display_name":"Information","issn_l":"2078-2489","issn":["2078-2489"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://www.mdpi.com/2078-2489/15/4/214/pdf?version=1712734456","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5014120877","display_name":"Ioana Br\u0103nescu","orcid":null},"institutions":[{"id":"https://openalex.org/I61641377","display_name":"Universitatea Na\u021bional\u0103 de \u0218tiin\u021b\u0103 \u0219i Tehnologie Politehnica Bucure\u0219ti","ror":"https://ror.org/0558j5q12","country_code":"RO","type":"education","lineage":["https://openalex.org/I61641377"]}],"countries":["RO"],"is_corresponding":false,"raw_author_name":"Ioana Branescu","raw_affiliation_strings":["Computer Science & Engineering Department, National University of Science and Technology POLITEHNICA Bucharest, 313 Splaiul Independentei, 060042 Bucharest, Romania"],"affiliations":[{"raw_affiliation_string":"Computer Science & Engineering Department, National University of Science and Technology POLITEHNICA Bucharest, 313 Splaiul Independentei, 060042 Bucharest, Romania","institution_ids":["https://openalex.org/I61641377"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5004269636","display_name":"Octavian Grigorescu","orcid":"https://orcid.org/0000-0002-8919-5718"},"institutions":[{"id":"https://openalex.org/I61641377","display_name":"Universitatea Na\u021bional\u0103 de \u0218tiin\u021b\u0103 \u0219i Tehnologie Politehnica Bucure\u0219ti","ror":"https://ror.org/0558j5q12","country_code":"RO","type":"education","lineage":["https://openalex.org/I61641377"]}],"countries":["RO"],"is_corresponding":false,"raw_author_name":"Octavian Grigorescu","raw_affiliation_strings":["Computer Science & Engineering Department, National University of Science and Technology POLITEHNICA Bucharest, 313 Splaiul Independentei, 060042 Bucharest, Romania"],"affiliations":[{"raw_affiliation_string":"Computer Science & Engineering Department, National University of Science and Technology POLITEHNICA Bucharest, 313 Splaiul Independentei, 060042 Bucharest, Romania","institution_ids":["https://openalex.org/I61641377"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5072192995","display_name":"Mihai Dasc\u0103lu","orcid":"https://orcid.org/0000-0002-4815-9227"},"institutions":[{"id":"https://openalex.org/I33800924","display_name":"Academia Oamenilor de \u0218tiin\u021b\u0103 din Rom\u00e2nia","ror":"https://ror.org/04ybnj478","country_code":"RO","type":"facility","lineage":["https://openalex.org/I33800924"]},{"id":"https://openalex.org/I61641377","display_name":"Universitatea Na\u021bional\u0103 de \u0218tiin\u021b\u0103 \u0219i Tehnologie Politehnica Bucure\u0219ti","ror":"https://ror.org/0558j5q12","country_code":"RO","type":"education","lineage":["https://openalex.org/I61641377"]}],"countries":["RO"],"is_corresponding":true,"raw_author_name":"Mihai Dascalu","raw_affiliation_strings":["Academy of Romanian Scientists, Str. Ilfov, Nr. 3, 050044 Bucharest, Romania","Computer Science & Engineering Department, National University of Science and Technology POLITEHNICA Bucharest, 313 Splaiul Independentei, 060042 Bucharest, Romania"],"affiliations":[{"raw_affiliation_string":"Academy of Romanian Scientists, Str. Ilfov, Nr. 3, 050044 Bucharest, Romania","institution_ids":["https://openalex.org/I33800924"]},{"raw_affiliation_string":"Computer Science & Engineering Department, National University of Science and Technology POLITEHNICA Bucharest, 313 Splaiul Independentei, 060042 Bucharest, Romania","institution_ids":["https://openalex.org/I61641377"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5072192995"],"corresponding_institution_ids":["https://openalex.org/I33800924","https://openalex.org/I61641377"],"apc_list":{"value":1400,"currency":"CHF","value_usd":1515},"apc_paid":{"value":1400,"currency":"CHF","value_usd":1515},"fwci":16.0322,"has_fulltext":true,"cited_by_count":21,"citation_normalized_percentile":{"value":0.98999323,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":100},"biblio":{"volume":"15","issue":"4","first_page":"214","last_page":"214"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9976999759674072,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9973999857902527,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7420732378959656},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.6619015336036682},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5975856184959412},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5050964951515198},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.47113412618637085},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.461967408657074},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.42743149399757385},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.37768635153770447},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.13778626918792725}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7420732378959656},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.6619015336036682},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5975856184959412},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5050964951515198},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.47113412618637085},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.461967408657074},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.42743149399757385},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.37768635153770447},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.13778626918792725}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.3390/info15040214","is_oa":true,"landing_page_url":"https://doi.org/10.3390/info15040214","pdf_url":"https://www.mdpi.com/2078-2489/15/4/214/pdf?version=1712734456","source":{"id":"https://openalex.org/S4210219776","display_name":"Information","issn_l":"2078-2489","issn":["2078-2489"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:82a10542fd924f61aaf1f6cf265d2fe0","is_oa":true,"landing_page_url":"https://doaj.org/article/82a10542fd924f61aaf1f6cf265d2fe0","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Information, Vol 15, Iss 4, p 214 (2024)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.3390/info15040214","is_oa":true,"landing_page_url":"https://doi.org/10.3390/info15040214","pdf_url":"https://www.mdpi.com/2078-2489/15/4/214/pdf?version=1712734456","source":{"id":"https://openalex.org/S4210219776","display_name":"Information","issn_l":"2078-2489","issn":["2078-2489"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information","raw_type":"journal-article"},"sustainable_development_goals":[{"score":0.6399999856948853,"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure"}],"awards":[{"id":"https://openalex.org/G151804242","display_name":null,"funder_award_id":"2PTE/2020","funder_id":"https://openalex.org/F4320323983","funder_display_name":"Unitatea Executiva pentru Finantarea Invatamantului Superior, a Cercetarii, Dezvoltarii si Inovarii"},{"id":"https://openalex.org/G5446915556","display_name":null,"funder_award_id":"UEFISCDI","funder_id":"https://openalex.org/F4320323444","funder_display_name":"Autoritatea National\u0103 pentru Cercetare Stiintific\u0103"},{"id":"https://openalex.org/G7430875941","display_name":null,"funder_award_id":"grant","funder_id":"https://openalex.org/F4320323983","funder_display_name":"Unitatea Executiva pentru Finantarea Invatamantului Superior, a Cercetarii, Dezvoltarii si Inovarii"}],"funders":[{"id":"https://openalex.org/F4320315989","display_name":"National Authority for Scientific Research and Innovation","ror":null},{"id":"https://openalex.org/F4320323444","display_name":"Autoritatea National\u0103 pentru Cercetare Stiintific\u0103","ror":"https://ror.org/03padf885"},{"id":"https://openalex.org/F4320323983","display_name":"Unitatea Executiva pentru Finantarea Invatamantului Superior, a Cercetarii, Dezvoltarii si Inovarii","ror":"https://ror.org/01q7jq182"}],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W4394692031.pdf"},"referenced_works_count":8,"referenced_works":["https://openalex.org/W54887220","https://openalex.org/W2896457183","https://openalex.org/W3105604018","https://openalex.org/W3115913034","https://openalex.org/W3212907387","https://openalex.org/W4294343684","https://openalex.org/W4319079731","https://openalex.org/W4387448886"],"related_works":["https://openalex.org/W4388150944","https://openalex.org/W4242235492","https://openalex.org/W4237162029","https://openalex.org/W2367268135","https://openalex.org/W2385701518","https://openalex.org/W4237464767","https://openalex.org/W2068562251","https://openalex.org/W4252295672","https://openalex.org/W1480190076","https://openalex.org/W3081644756"],"abstract_inverted_index":{"Effectively":[0],"understanding":[1],"and":[2,32,62,69,76,80,92,96,185,212],"categorizing":[3,93],"vulnerabilities":[4],"is":[5,87,177],"vital":[6],"in":[7,194],"the":[8,22,26,33,38,51,66,81,103,105,123,134,209,216],"ever-evolving":[9],"cybersecurity":[10,43,124],"landscape,":[11],"since":[12],"only":[13],"one":[14],"exposure":[15],"can":[16],"have":[17,117],"a":[18,88,114,118,165,191],"devastating":[19],"effect":[20],"on":[21,74,122],"entire":[23],"system.":[24],"Given":[25],"increasingly":[27],"massive":[28],"number":[29],"of":[30,35,59,174],"threats":[31],"size":[34],"modern":[36],"infrastructures,":[37],"need":[39],"for":[40,90,219],"structured,":[41],"uniform":[42],"knowledge":[44],"systems":[45],"arose.":[46],"To":[47],"tackle":[48,155],"this":[49,156],"challenge,":[50],"MITRE":[52,82,137],"Corporation":[53],"set":[54],"up":[55],"two":[56,106],"powerful":[57],"sources":[58],"cyber":[60],"threat":[61],"vulnerability":[63],"information,":[64],"namely":[65],"Common":[67],"Vulnerabilities":[68],"Exposures":[70],"(CVEs)":[71],"list":[72],"focused":[73],"identifying":[75],"fixing":[77],"software":[78],"vulnerabilities,":[79],"ATT&amp;CK":[83,138],"Enterprise":[84],"Matrix,":[85],"which":[86,176],"framework":[89],"defining":[91],"adversary":[94],"actions":[95],"ways":[97],"to":[98,129,133,148,154,206],"defend":[99],"against":[100],"them.":[101],"At":[102],"moment,":[104],"are":[107,152,162],"not":[108],"directly":[109],"linked,":[110],"even":[111],"if":[112],"such":[113],"link":[115],"would":[116],"significant":[119],"positive":[120],"impact":[121],"community.":[125],"This":[126],"study":[127],"aims":[128],"automatically":[130],"map":[131],"CVEs":[132],"corresponding":[135],"14":[136],"tactics":[139],"using":[140],"state-of-the-art":[141],"transformer-based":[142],"models.":[143],"Various":[144],"architectures,":[145],"from":[146],"encoders":[147],"generative":[149],"large-scale":[150],"models,":[151],"employed":[153],"multilabel":[157],"classification":[158],"problem.":[159],"Our":[160],"results":[161],"promising,":[163],"with":[164,170],"SecRoBERTa":[166],"model":[167],"performing":[168],"best":[169],"an":[171,202],"F1":[172],"score":[173],"77.81%,":[175],"closely":[178],"followed":[179],"by":[180],"SecBERT":[181],"(78.77%),":[182],"CyBERT":[183],"(78.54%),":[184],"TARS":[186],"(78.01%),":[187],"while":[188],"GPT-4":[189],"showed":[190],"weak":[192],"performance":[193,211],"zero-shot":[195],"settings":[196],"(22.04%).":[197],"In":[198],"addition,":[199],"we":[200],"perform":[201],"in-depth":[203],"error":[204],"analysis":[205],"better":[207],"understand":[208],"models\u2019":[210],"limitations.":[213],"We":[214],"release":[215],"code":[217],"used":[218],"all":[220],"experiments":[221],"as":[222],"open":[223],"source.":[224]},"counts_by_year":[{"year":2026,"cited_by_count":4},{"year":2025,"cited_by_count":13},{"year":2024,"cited_by_count":4}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2024-04-11T00:00:00"}