Automating Reasoning with ATT&CK?

Abstract

MITRE ATT&CK is made up of TTPs (Tactics, Techniques, Procedures). Tactics are general adversary goals (e.g., Initial Access, Exfiltration). Techniques are descriptions of adversarial actions that achieve tactical goals (e.g., Spearphishing Attachment, Modify Registry, Input Capture). The community is interested in using ATT&CK for detection, prediction, forensics, and threat hunting because it provides behavioral observables for detecting attacks. Our goal: characterize ATT&CK's structure and its usefulness for automated detection and related tasks by analyzing its APT (adversary group) dataset.
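The tactic/technique/group structure the abstract describes is what any automated reasoning over ATT&CK has to index first. The following is an added illustration, not code from the report or from MITRE: it takes a small, hand-constructed bundle laid out like the ATT&CK STIX 2 data (attack-pattern objects with mitre-attack kill-chain phases, intrusion-set objects for groups, and "uses" relationships), builds tactic-to-technique and group-to-technique indexes, and lists the techniques pairs of groups have in common. The technique names and IDs are real ATT&CK identifiers; the group names are placeholders, and the bundle is abbreviated sample data, not the APT dataset the report analyzes.

```python
"""Index a (constructed) ATT&CK-shaped STIX 2 bundle into tactic, technique and
group structure. Added example; the sample bundle below is hand-built and
abbreviated, not the real ATT&CK data, though the layout follows it."""
from collections import defaultdict
from itertools import combinations

# Constructed sample mimicking the ATT&CK STIX 2.x layout. Group names are placeholders.
SAMPLE_BUNDLE = {
    "type": "bundle",
    "objects": [
        {"type": "attack-pattern", "id": "attack-pattern--aaa", "name": "Spearphishing Attachment",
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "initial-access"}],
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1566.001"}]},
        {"type": "attack-pattern", "id": "attack-pattern--bbb", "name": "Modify Registry",
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "defense-evasion"}],
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1112"}]},
        # A technique can sit under more than one tactic, as Input Capture does in ATT&CK.
        {"type": "attack-pattern", "id": "attack-pattern--ccc", "name": "Input Capture",
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "collection"},
                               {"kill_chain_name": "mitre-attack", "phase_name": "credential-access"}],
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1056"}]},
        {"type": "intrusion-set", "id": "intrusion-set--g1", "name": "Group One"},
        {"type": "intrusion-set", "id": "intrusion-set--g2", "name": "Group Two"},
        {"type": "relationship", "relationship_type": "uses",
         "source_ref": "intrusion-set--g1", "target_ref": "attack-pattern--aaa"},
        {"type": "relationship", "relationship_type": "uses",
         "source_ref": "intrusion-set--g1", "target_ref": "attack-pattern--bbb"},
        {"type": "relationship", "relationship_type": "uses",
         "source_ref": "intrusion-set--g2", "target_ref": "attack-pattern--aaa"},
        {"type": "relationship", "relationship_type": "uses",
         "source_ref": "intrusion-set--g2", "target_ref": "attack-pattern--ccc"},
        # Revoked objects stay in the real bundle and must be skipped (placeholder ID).
        {"type": "attack-pattern", "id": "attack-pattern--old", "name": "Old Technique", "revoked": True,
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}],
         "external_references": [{"source_name": "mitre-attack", "external_id": "T0000"}]},
    ],
}


def attack_id(obj):
    """Return the ATT&CK external ID (e.g. T1566.001) of a STIX object, or None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None


def index_bundle(bundle):
    """Build three indexes: tactic -> technique IDs, group name -> technique IDs,
    technique ID -> name. Revoked or deprecated objects are ignored."""
    techniques, groups = {}, {}
    tactic_to_techs = defaultdict(set)
    for obj in bundle["objects"]:
        if obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue
        if obj["type"] == "attack-pattern":
            tid = attack_id(obj)
            techniques[obj["id"]] = (tid, obj["name"])
            for phase in obj.get("kill_chain_phases", []):
                if phase["kill_chain_name"] == "mitre-attack":
                    tactic_to_techs[phase["phase_name"]].add(tid)
        elif obj["type"] == "intrusion-set":
            groups[obj["id"]] = obj["name"]
    group_to_techs = defaultdict(set)
    for obj in bundle["objects"]:
        if obj["type"] == "relationship" and obj.get("relationship_type") == "uses":
            if obj["source_ref"] in groups and obj["target_ref"] in techniques:
                group_to_techs[groups[obj["source_ref"]]].add(techniques[obj["target_ref"]][0])
    tech_names = {tid: name for tid, name in techniques.values()}
    return dict(tactic_to_techs), dict(group_to_techs), tech_names


def shared_techniques(group_to_techs):
    """For each pair of groups, the technique IDs both are recorded as using;
    a first step toward asking whether technique co-occurrence carries signal."""
    return {pair: group_to_techs[pair[0]] & group_to_techs[pair[1]]
            for pair in combinations(sorted(group_to_techs), 2)}


if __name__ == "__main__":
    tactics, groups, names = index_bundle(SAMPLE_BUNDLE)
    for tactic, techs in sorted(tactics.items()):
        print(tactic, sorted(techs))
    for pair, common in shared_techniques(groups).items():
        print(pair, sorted(names[t] for t in common))
```

The same indexing applies unchanged to the full enterprise-attack bundle MITRE publishes, since it uses the same object types and field names; the only differences at scale are volume and the need to skip revoked and deprecated objects, which the code already does.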

Document Details

Document Type
Technical Report
Publication Date
Jan 08, 2020
Accession Number
AD1145831

Entities

People

  • Jonathan M. Spring
  • Rawan Al-shaer

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • C4I

DTIC Thesaurus Topics

  • Artificial Intelligence Computing
  • Attachment
  • Case Studies
  • Clustering
  • Data Sets
  • Department Of Defense
  • Detection
  • Engineering
  • Game Theory
  • Guarantees
  • Information Security
  • Materials
  • Models
  • Reasoning
  • Sequences
  • Software Development
  • Universities

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Neural Network Machine Learning