Automating Reasoning of MITRE ATT&CK for Predicting Cyber Attack Techniques using Statistical Machine Learning
Abstract
MITRE ATT&CK TTPs (Tactics, Techniques, Procedures) are low-level descriptions of adversarial actions. Practitioners want to use ATT&CK for detection, prediction, forensics, and threat hunting because it provides observables for detecting attacks. Goal: characterize the behavior of APTs, malware, and software attacks. Challenges: (1) MITRE ATT&CK is not ordered at the technique level, which matters for prediction and threat hunting; (2) MITRE ATT&CK is not ordered at the Kill Chain level, which matters for understanding attacker strategies and constructing TTP chains. Hypothesis: do MITRE ATT&CK techniques exhibit associations, preconditions, or post-conditions?
Document Details
- Document Type: Technical Report
- Publication Date: Jan 01, 2019
- Accession Number: AD1082648
Entities
People
- Jonathan Spring
- Rawan Al-shaer
Organizations
- Carnegie Mellon University