Pasha Rafiey and Amin Namadchian
Adv. Artif. Intell. Mach. Learn., 5 (3):4379-4396
1. Pasha Rafiey: Azad University
2. Amin Namadchian: K. N. University
DOI: 10.54364/AAIML.2025.53243
Article History: Received on: 22-Jun-25, Accepted on: 11-Sep-25, Published on: 18-Sep-25
Corresponding Author: Pasha Rafiey
Email: pasha1360@gmail.com
Citation: Pasha Rafiey, Amin Namadchian. Mapping Vulnerability Description to MITRE ATT&CK Framework by LLM. Advances in Artificial Intelligence and Machine Learning. 2025;5(3):243.
As the number and complexity of cybersecurity threats continue to increase, security professionals must augment their knowledge with resources that provide insight into the attack patterns and techniques employed by attackers. This understanding allows them to better assess the potential impact of a vulnerability and to prioritize the development of effective mitigation strategies within their organizations. The frequent emergence of CVEs and the impracticality of manually correlating them with MITRE ATT&CK techniques necessitate automated methods. Dependence on automation methods such as Bidirectional Encoder Representations from Transformers (BERT) can become prohibitively expensive and time-consuming: with the continuous emergence of new vulnerabilities and revisions to the ATT&CK framework, the model must be retrained to ensure precise mapping of these evolving patterns. To address this issue, this paper leverages Large Language Models (LLMs) to automate the mapping of CVE descriptions to MITRE ATT&CK techniques, offering a scalable and accurate alternative to traditional methods. By embedding detailed CVE and MITRE ATT&CK knowledge into the LLM prompt, the model can more precisely identify and map vulnerabilities to specific attack techniques. The paper also explores prompt design methods that enhance the LLM's comprehension and output quality. This approach applies prompt engineering to general-purpose LLMs, including GPT-3.5, GPT-4o, OpenAI o1 and Gemini 2.5 Pro, without any model training, to achieve effective CVE-to-ATT&CK mapping while optimizing cost and time efficiency. These models were selected to encompass a broad spectrum of LLM architectures, ensuring diverse methodological coverage and robust validation.
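As an added illustration (not the paper's own code), the following shows the two steps the abstract describes around the model call: embedding an ATT&CK technique catalog into the prompt alongside the CVE description, and validating the model's answer against that catalog so that IDs the model invents are rejected rather than recorded. The technique subset, the CVE text and the `mock_llm` stand-in for the real API call are all constructed for this example.

```python
import re

# Constructed subset of ATT&CK technique knowledge to embed in the prompt.
# The real framework has hundreds of techniques; four suffice to show the idea.
ATTACK_KB = {
    "T1190": "Exploit Public-Facing Application",
    "T1059": "Command and Scripting Interpreter",
    "T1068": "Exploitation for Privilege Escalation",
    "T1203": "Exploitation for Client Execution",
}

# ATT&CK technique IDs look like T1059, sub-techniques like T1059.001.
TECH_ID = re.compile(r"\bT\d{4}(?:\.\d{3})?\b")


def build_prompt(cve_id, description, kb=ATTACK_KB):
    """Compose a prompt that embeds both the CVE text and the ATT&CK catalog."""
    catalog = "\n".join(f"- {tid}: {name}" for tid, name in sorted(kb.items()))
    return (
        "You are a security analyst mapping CVEs to MITRE ATT&CK techniques.\n"
        "Use ONLY technique IDs from this catalog:\n"
        f"{catalog}\n\n"
        f"CVE: {cve_id}\nDescription: {description}\n\n"
        "Answer with the matching technique IDs, comma-separated."
    )


def parse_mapping(llm_output, kb=ATTACK_KB):
    """Extract technique IDs from the model's answer; keep only catalog IDs."""
    accepted, rejected = [], []
    for tid in TECH_ID.findall(llm_output):
        bucket = accepted if tid in kb else rejected
        if tid not in bucket:          # de-duplicate while preserving order
            bucket.append(tid)
    return accepted, rejected


def mock_llm(prompt):
    """Stand-in for the LLM API call (hypothetical). Returns a canned answer
    that includes one ID outside the catalog, as a real model sometimes does."""
    return "Matching techniques: T1190, T1059, T1999"


def map_cve(cve_id, description, llm=mock_llm, kb=ATTACK_KB):
    """End-to-end mapping: build prompt, query model, validate the answer."""
    accepted, rejected = parse_mapping(llm(build_prompt(cve_id, description, kb)), kb)
    return {"cve": cve_id, "techniques": accepted, "rejected_ids": rejected}


if __name__ == "__main__":
    # Constructed CVE description, not a real advisory.
    print(map_cve("CVE-0000-00000", "Remote code execution in a web application "
                  "via a crafted HTTP request."))
```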