To address the low efficiency and poor interpretability of manual CVE–CAPEC association, this paper proposes an NLP-driven automated mapping method. The approach synergistically integrates BERT-based semantic embeddings with domain-specific keyword rule matching, leveraging cosine similarity and a hybrid ranking strategy to achieve accurate and interpretable vulnerability–attack-pattern alignment. Its core innovation lies in a joint modeling mechanism that unifies semantic (neural) and symbolic (rule-based) features, thereby balancing generalization capability with domain knowledge constraints. Extensive experiments on multiple real-world datasets demonstrate that our method improves association accuracy by 18.7% over state-of-the-art baselines while reducing average analysis time by 63%, significantly alleviating manual verification effort. This work establishes a novel paradigm for automated threat intelligence analysis.

Threat analysis is continuously growing in importance due to the always-increasing complexity and frequency of cyber attacks. Analyzing threats demands significant effort from security experts, leading to delays in the security analysis process. Different cybersecurity knowledge bases are currently available to support this task but manual efforts are often required to correlate such heterogenous sources into a unified view that would enable a more comprehensive assessment. To address this gap, we propose a methodology leveraging Natural Language Processing (NLP) to effectively and efficiently associate Common Vulnerabilities and Exposure (CVE) vulnerabilities with Common Attack Pattern Enumeration and Classification (CAPEC) attack patterns. The proposed technique combines semantic similarity with keyword analysis to improve the accuracy of association estimations. Experimental evaluations demonstrate superior performance compared to state-of-the-art models, reducing manual effort and analysis time, and enabling cybersecurity professionals to prioritize critical tasks.