VATH: A System for Extracting Relationships between Vulnerabilities and Attackers to Support Threat Hunting
Published in | IEICE Transactions on Information and Systems Vol. E108.D; no. 8; pp. 917 - 932 |
---|---|
Main Authors | , |
Format | Journal Article |
Language | English |
Published | The Institute of Electronics, Information and Communication Engineers (一般社団法人 電子情報通信学会), 01.08.2025 |
ISSN | 0916-8532 1745-1361 |
DOI | 10.1587/transinf.2024DAK0001 |
Summary: | Given the finite nature of an organization’s security resources, effectively countering all risks can be quite challenging. Threat hunting involves gathering information to make informed decisions about the allocation of security resources. Part of this responsibility for security personnel includes investigating the attack methods made possible by existing vulnerabilities, identifying potential attackers, and understanding their attack strategies. This study aims to support threat hunting efforts, ultimately aiding in the optimal distribution of security resources. To achieve this goal, we propose a system that combines data from NVD (National Vulnerability Database) and MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge). This system enables us to identify the attack methods that could be executed by exploiting specific vulnerabilities and the potential attackers who may leverage these methods. Through several examples, we have verified that the insights provided by our system align with information available from other sources. By leveraging the proposed system, investigations into attack methods and potential attackers can be conducted more efficiently, requiring fewer steps compared to manual investigations. |
---|---|