Date of Graduation
5-2026
Document Type
Thesis
Degree Name
Master of Science in Computer Science (MS)
Degree Level
Graduate
Department
Electrical Engineering and Computer Science
Advisor/Mentor
Li, Qinghua
Committee Member
Jin, Kevin
Second Committee Member
Pan, Yanjun
Keywords
AI; Attack; Cybersecurity; Transformer; Vulnerability
Abstract
Common Vulnerabilities and Enumerations (CVEs) are vulnerabilities found in software and hardware components that can be exploited by adversaries. MITRE ATT&CK (adversarial tactics, techniques, and common knowledge) serves as a knowledge base containing information related to the execution of cyberattacks. Both resources are often used in tandem for cybersecurity threat modeling, but there is no official linkage between CVEs and MITRE ATT&CK techniques. This paper presents a novel hybrid approach that combines graph neural networks (GNNs) and transformers to infer relationships between the two resources. Three different pipelines are used to generate embeddings to learn new representations of nodes (CVEs and techniques) to be used in downstream binary classification tasks performed by traditional ML models: transformer-only, GNN-only, and a combination of GNN and transformer. Experimental results demonstrate strong performance, with an average accuracy using GNN-trained transformer embeddings of 0.9394 for CVE-to-techniques and 0.9765 for CVE-to-tactics. These findings suggest that leveraging the semantic understanding offered by transformers with the relational information learned by the GNN can improve the model's ability to perform accurate link prediction.
Citation
Gonzalez, R. (2026). Using Graph Neural Networks and Transformer Embeddings to Map Vulnerabilities to MITRE ATT&CK Tactics and Techniques. Graduate Theses and Dissertations Retrieved from https://scholarworks.uark.edu/etd/6303