Threat Profiles Analysis Based On MITRE ATT&CK Knowledge Base

  • Bader Al-Sada

Student thesis: Doctoral Dissertation

Abstract

The rapid adoption of new technologies leads to more exposure and growth of individual and organizational attack surfaces, while the threat landscape is also getting more complex, with new threats emerging. "Know your enemy and know yourself" [1]: this statement summarizes the best approach to tackling threats in cyberspace, namely a more risk-driven approach to building up the defensive capabilities of the organization. Learning the behaviors of threat groups with the motives and intent to harm will help identify the capabilities required to defend against those threats. The MITRE Corporation helped by building the ATT&CK framework to support the cybersecurity industry in standardizing the mapping of TTPs and providing a central repository of different types of threats, such as groups, software, and campaigns. This thesis presents two main phases, starting with "MITRE ATT&CK: State of the Art and Way Forward", a study of research papers that focus on the usage of the MITRE ATT&CK framework or the utilization of the MITRE datasets that contain different types of threats. We selected and inspected more than fifty research contributions, conducting a detailed analysis of their methodology and objectives in relation to the MITRE ATT&CK framework. This first phase of our thesis led to a survey paper, in which we summarized and described the methodology, evaluation technique and future directions of each paper while mapping it to our four categories: Behavioral analytic (21 papers), Red teaming (9 papers), Defensive gap assessment (6 papers), and Cyber Threat Intelligence enrichment (21 papers). We have described our findings and insights according to different categories, such as application scenarios, input types, adopted techniques and, lastly, input datasets.
We concluded our survey paper by presenting the limitations and exciting challenges of the current state of the art, while providing some future directions identified from the analyzed research papers. The perspectives gained from our survey led us to propose a fundamental approach, which resulted in the second phase of our thesis, "Analysis and Characterization of Cyber Threats Leveraging the MITRE ATT&CK Database." There are valuable insights within the MITRE ATT&CK knowledge base that can be applied to various fields and applications, such as risk assessment, threat characterization, threat modeling, research on trending threat techniques, etc. No previous work has been devoted to the comprehensive collection and investigation of statistical insights from the MITRE ATT&CK dataset. Hence, this work aimed to extract, analyze, and represent MITRE ATT&CK statistical insights, providing valuable recommendations to improve the security aspects of Enterprise, Industrial Control Systems (ICS), and mobile digital infrastructures. For this purpose, we conducted a hierarchical analysis starting from MITRE ATT&CK threat profiles toward the list of techniques in the MITRE ATT&CK database; the approach we developed led to a research paper highlighting our main contribution. Finally, we summarize our key findings while providing recommendations that will pave the way for future research in the area.
Date of Award: 2024
Original language: American English
Awarding Institution
  • HBKU College of Science and Engineering

Keywords

  • Cyber Security
  • Cyber Threat Analysis
  • Cyber Threat Intelligence
  • MITRE ATT&CK
  • Threat Assessment
