Learning the Associations of MITRE ATT CK Adversarial Techniques

04/16/2020
by   Rawan Al-Shaer, et al.
0

The MITRE ATT CK Framework provides a rich and actionable repository of adversarial tactics, techniques, and procedures (TTP). However, this information would be highly useful for attack diagnosis (i.e., forensics) and mitigation (i.e., intrusion response) if we can reliably construct technique associations that will enable predicting unobserved attack techniques based on observed ones. In this paper, we present our statistical machine learning analysis on APT and Software attack data reported by MITRE ATT CK to infer the technique clustering that represents the significant correlation that can be used for technique prediction. Due to the complex multidimensional relationships between techniques, many of the traditional clustering methods could not obtain usable associations. Our approach, using hierarchical clustering for inferring attack technique associations with 95 provides statistically significant and explainable technique correlations. Our analysis discovers 98 different technique associations (i.e., clusters) for both APT and Software attacks. Our evaluation results show that 78 techniques associated by our algorithm exhibit significant mutual information that indicates reasonably high predictability.

READ FULL TEXT
research
01/12/2023

Non-linear correlation analysis in financial markets using hierarchical clustering

Distance correlation coefficient (DCC) can be used to identify new assoc...
research
07/11/2021

Attack Rules: An Adversarial Approach to Generate Attacks for Industrial Control Systems using Machine Learning

Adversarial learning is used to test the robustness of machine learning ...
research
03/16/2023

ESCAPE: Countering Systematic Errors from Machine's Blind Spots via Interactive Visual Analysis

Classification models learn to generalize the associations between data ...
research
03/11/2021

The Curse of Correlations for Robust Fingerprinting of Relational Databases

Database fingerprinting schemes have been widely adopted to prevent unau...
research
01/27/2020

Behavior Associations in Lone-Actor Terrorists

Terrorist attacks carried out by individuals or single cells have signif...
research
04/04/2022

Robust Fingerprinting of Genomic Databases

Database fingerprinting has been widely used to discourage unauthorized ...
research
01/27/2013

Equitability Analysis of the Maximal Information Coefficient, with Comparisons

A measure of dependence is said to be equitable if it gives similar scor...

Please sign up or login with your details

Forgot password? Click here to reset