Towards automation of threat modeling based on a semantic model of attack patterns and weaknesses
This work addresses the problem of manual and fragmented threat modeling in cybersecurity by proposing an automated, ontology-based approach, though it appears incremental as it builds on existing enumerations and frameworks.
The paper tackles the challenge of automating threat modeling by creating a semantic model that integrates security enumerations like ATT&CK, CAPEC, CWE, and CVE into an ontology, enabling the learning of relations between attack techniques, patterns, weaknesses, and vulnerabilities to build threat landscapes.
This works considers challenges of building and usage a formal knowledge base (model), which unites the ATT&CK, CAPEC, CWE, CVE security enumerations. The proposed model can be used to learn relations between attack techniques, attack pattern, weaknesses, and vulnerabilities in order to build various threat landscapes, in particular, for threat modeling. The model is created as an ontology with freely available datasets in the OWL and RDF formats. The use of ontologies is an alternative of structural and graph based approaches to integrate the security enumerations. In this work we consider an approach of threat modeling with the data components of ATT&CK based on the knowledge base and an ontology driven threat modeling framework. Also, some evaluations are made, how it can be possible to use the ontological approach of threat modeling and which challenges this can be faced.