Clustering doc2vec output for topic-dimensionality reduction: A MITRE ATT&CK calibration
Nathan Monnet, Loïc Maréchal, Julian Jang-Jaccard, Alain Mermoud
TL;DR
The study tackles the challenge of analyzing high-dimensional cybersecurity text by merging doc2vec embeddings with unsupervised clustering on MITRE ATT&CK descriptions to reduce topic dimensionality without sacrificing semantic structure. It compares K-means, Louvain, and Spectral clustering, finding four emergent super-tactics and identifying Louvain as the most practical baseline due to its balance of coherence and efficiency. The approach demonstrates robust risk-text analysis capabilities and can be extended to other domains with similarly structured risk taxonomies. Overall, the method offers a scalable, interpretable means to map cyber-risk narratives to structured threat frameworks, aiding risk attribution and strategic defense planning.
Abstract
We introduce a novel approach to text classification by combining doc2vec embeddings with advanced clustering techniques to improve the analysis of specialized, high-dimensional textual data. We integrate unsupervised methods such as Louvain, K-means, and Spectral clustering with doc2vec to enhance the detection of semantic patterns across a large corpus. As a case study, we apply this methodology to cybersecurity risk analysis using the MITRE ATT&CK framework to structure and reduce the dimensionality of cyberattack tactics. Louvain clustering proved the most effective among the tested methods, achieving the best balance between cluster coherence and computational efficiency. Our approach identifies four "super tactics," demonstrating how clustering improves thematic coherence and risk attribution. The results validate the utility of combining doc2vec with clustering, particularly Louvain, for enhancing topic modeling and text classification.
