Analysis and Characterization of Cyber Threats Leveraging the MITRE ATT&CK Database
MITRE ATT&CK is a comprehensive knowledge-base of adversary tactics, techniques, and procedures (TTP) based on real-world attack scenarios. It has been used in different sectors, such as government, academia, and industry, as a foundation for threat modeling, risk as...
Published: 2023

| _version_ | 1864513510746095616 |
|---|---|
| author | Bader Al-Sada (19160668) |
| author2 | Alireza Sadighian (19160671) Gabriele Oligeri (14151426) |
| author2_role | author author |
| author_facet | Bader Al-Sada (19160668) Alireza Sadighian (19160671) Gabriele Oligeri (14151426) |
| author_role | author |
| dc.creator.none.fl_str_mv | Bader Al-Sada (19160668) Alireza Sadighian (19160671) Gabriele Oligeri (14151426) |
| dc.date.none.fl_str_mv | 2023-12-18T00:00:00Z |
| dc.identifier.none.fl_str_mv | 10.1109/access.2023.3344680 |
| dc.relation.none.fl_str_mv | https://figshare.com/articles/journal_contribution/Analysis_and_Characterization_of_Cyber_Threats_Leveraging_the_MITRE_ATT_CK_Database/26316925 |
| dc.rights.none.fl_str_mv | CC BY 4.0 info:eu-repo/semantics/openAccess |
| dc.subject.none.fl_str_mv | Information and computing sciences Cybersecurity and privacy Distributed computing and systems software Information systems Knowledge based systems Behavioral sciences Smart phones Malware Databases Computer crime Industrial control Computer security Cyber threat intelligence Threat assessment |
| dc.title.none.fl_str_mv | Analysis and Characterization of Cyber Threats Leveraging the MITRE ATT&CK Database |
| dc.type.none.fl_str_mv | Text Journal contribution info:eu-repo/semantics/publishedVersion text contribution to journal |
| description | MITRE ATT&CK is a comprehensive knowledge-base of adversary tactics, techniques, and procedures (TTP) based on real-world attack scenarios. It has been used in different sectors, such as government, academia, and industry, as a foundation for threat modeling, risk assessment, and defensive strategies. There are valuable insights within MITRE ATT&CK knowledge-base that can be applied to various fields and applications, such as risk assessment, threat characterization, and attack modeling. No previous work has been devoted to the comprehensive collection and investigation of statistical insights of the MITRE ATT&CK dataset. Hence, this work aims to extract, analyze, and represent MITRE ATT&CK statistical insights providing valuable recommendations to improve the security aspects of Enterprise, Industrial Control Systems (ICS), and mobile digital infrastructures. For this purpose, we conduct a hierarchical analysis starting from MITRE ATT&CK threat profiles toward the list of techniques in the MITRE ATT&CK database. Finally, we summarize our key findings while providing recommendations that will pave the way for future research in the area. Other Information: Published in: IEEE Access. License: https://creativecommons.org/licenses/by/4.0. See article on publisher's website: https://dx.doi.org/10.1109/access.2023.3344680 |
| eu_rights_str_mv | openAccess |
| id | Manara2_cda13cdc7edc64e523cac1b140b8ae06 |
| identifier_str_mv | 10.1109/access.2023.3344680 |
| network_acronym_str | Manara2 |
| network_name_str | Manara2 |
| oai_identifier_str | oai:figshare.com:article/26316925 |
| publishDate | 2023 |
| rights_invalid_str_mv | CC BY 4.0 |
| status_str | publishedVersion |
| title | Analysis and Characterization of Cyber Threats Leveraging the MITRE ATT&CK Database |