{"id":"https://openalex.org/W7166889583","doi":"https://doi.org/10.48550/arxiv.2606.31557","title":"CVE-TTP KG: Knowledge Graph Linking Software Vulnerabilities to Attack Behaviors","display_name":"CVE-TTP KG: Knowledge Graph Linking Software Vulnerabilities to Attack Behaviors","publication_year":2026,"publication_date":"2026-06-30","ids":{"openalex":"https://openalex.org/W7166889583","doi":"https://doi.org/10.48550/arxiv.2606.31557"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2606.31557","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2606.31557","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2606.31557","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5082464861","display_name":"Basant Agarwal","orcid":"https://orcid.org/0000-0002-5641-8313"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yadav, Swati","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5020421681","display_name":"Dincy R. Arikkat","orcid":"https://orcid.org/0000-0003-0570-5459"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Arikkat, Dincy R.","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100710404","display_name":"Swati Yadav","orcid":"https://orcid.org/0000-0003-1208-8866"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Agarwal, Basant","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038688486","display_name":"Serena Nicolazzo","orcid":"https://orcid.org/0000-0003-2719-9526"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Nicolazzo, Serena","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5085793134","display_name":"Antonino Nocera","orcid":"https://orcid.org/0000-0003-2120-2341"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Nocera, Antonino","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5134377236","display_name":"Vinod P","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"P, Vinod","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":0,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.550599992275238,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.550599992275238,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.1941000074148178,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.03579999879002571,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.8025000095367432},{"id":"https://openalex.org/keywords/construct","display_name":"Construct (python library)","score":0.5514000058174133},{"id":"https://openalex.org/keywords/relation","display_name":"Relation (database)","score":0.5353000164031982},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.5248000025749207},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5109000205993652},{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.44449999928474426},{"id":"https://openalex.org/keywords/macro","display_name":"Macro","score":0.43149998784065247},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.4122999906539917}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.8025000095367432},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7840999960899353},{"id":"https://openalex.org/C2780801425","wikidata":"https://www.wikidata.org/wiki/Q5164392","display_name":"Construct (python library)","level":2,"score":0.5514000058174133},{"id":"https://openalex.org/C25343380","wikidata":"https://www.wikidata.org/wiki/Q277521","display_name":"Relation (database)","level":2,"score":0.5353000164031982},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.52920001745224},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.5248000025749207},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5109000205993652},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.44449999928474426},{"id":"https://openalex.org/C166955791","wikidata":"https://www.wikidata.org/wiki/Q629579","display_name":"Macro","level":2,"score":0.43149998784065247},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.4122999906539917},{"id":"https://openalex.org/C188198153","wikidata":"https://www.wikidata.org/wiki/Q1613840","display_name":"Limiting","level":2,"score":0.3953000009059906},{"id":"https://openalex.org/C527412718","wikidata":"https://www.wikidata.org/wiki/Q855395","display_name":"Interpretation (philosophy)","level":2,"score":0.38440001010894775},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.3806999921798706},{"id":"https://openalex.org/C102379954","wikidata":"https://www.wikidata.org/wiki/Q2589940","display_name":"Call graph","level":2,"score":0.3709000051021576},{"id":"https://openalex.org/C36464697","wikidata":"https://www.wikidata.org/wiki/Q451553","display_name":"Visualization","level":2,"score":0.3662000000476837},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.3596000075340271},{"id":"https://openalex.org/C168167062","wikidata":"https://www.wikidata.org/wiki/Q1117970","display_name":"Component (thermodynamics)","level":2,"score":0.3564000129699707},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.33399999141693115},{"id":"https://openalex.org/C2987255567","wikidata":"https://www.wikidata.org/wiki/Q33002955","display_name":"Knowledge graph","level":2,"score":0.31790000200271606},{"id":"https://openalex.org/C14036430","wikidata":"https://www.wikidata.org/wiki/Q3736076","display_name":"Function (biology)","level":2,"score":0.29649999737739563},{"id":"https://openalex.org/C61797465","wikidata":"https://www.wikidata.org/wiki/Q1188986","display_name":"Term (time)","level":2,"score":0.26930001378059387},{"id":"https://openalex.org/C2780741293","wikidata":"https://www.wikidata.org/wiki/Q4818019","display_name":"Attack patterns","level":3,"score":0.2581999897956848},{"id":"https://openalex.org/C18555067","wikidata":"https://www.wikidata.org/wiki/Q8375051","display_name":"Joint (building)","level":2,"score":0.25540000200271606},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.25380000472068787}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2606.31557","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2606.31557","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"Preprint"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2606.31557","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2606.31557","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.47818467020988464}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"In":[0],"the":[1,56],"evolving":[2],"threat":[3,40],"landscape,":[4],"adversaries":[5],"exploit":[6],"software":[7],"vulnerabilities":[8,51],"to":[9,30,69],"launch":[10],"sophisticated":[11],"attacks,":[12],"challenging":[13],"traditional":[14],"defenses.":[15],"Although":[16],"databases":[17],"like":[18],"CVE":[19],"and":[20,36,42,71,75,93,105,110,123],"NVD":[21],"provide":[22],"detailed":[23],"technical":[24],"information,":[25],"they":[26],"often":[27],"lack":[28],"links":[29,67],"attacker":[31],"behaviors":[32],"such":[33],"as":[34],"tactics":[35,70],"techniques,":[37],"limiting":[38],"effective":[39],"interpretation":[41],"response.":[43],"This":[44],"work":[45],"bridges":[46],"this":[47],"gap":[48],"by":[49],"connecting":[50],"with":[52,85,102],"behavioral":[53],"patterns":[54],"from":[55],"MITRE":[57],"ATT&amp;CK":[58],"framework.":[59],"We":[60],"construct":[61],"a":[62,128,139],"CVE-TTP":[63],"Knowledge":[64,143],"Graph":[65],"that":[66],"CVEs":[68],"techniques":[72],"using":[73],"classification":[74],"relation":[76,111],"extraction.":[77,112],"Transformer-based":[78],"models":[79],"are":[80,136],"developed":[81],"for":[82,108],"behavior":[83],"identification,":[84],"CySecBERT":[86],"achieving":[87],"macro":[88,117],"F1-scores":[89,118],"of":[90,119,148],"87.71%":[91],"(techniques)":[92],"96.16%":[94],"(tactics).":[95],"Also,":[96],"we":[97],"created":[98],"an":[99],"annotated":[100],"dataset":[101],"24,820":[103],"entities":[104],"43,608":[106],"relations":[107],"entity":[109],"The":[113],"pipeline-based":[114],"approach":[115],"achieves":[116,132],"0.86":[120],"(entity":[121],"extraction)":[122],"0.99":[124],"(relation":[125],"extraction),":[126],"while":[127],"span-based":[129],"joint":[130],"model":[131],"0.78.":[133],"These":[134],"outputs":[135],"integrated":[137],"into":[138],"Neo4j-based":[140],"Cyber":[141],"Threat":[142],"Graph,":[144],"enabling":[145],"structured":[146],"visualization":[147],"vulnerabilities.":[149]},"counts_by_year":[],"updated_date":"2026-07-08T06:17:01.165560","created_date":"2026-07-02T00:00:00"}
