Accession Number:

AD1088924

Title:

Automating Reasoning with ATT&CK

Descriptive Note:

Conference Paper

Corporate Author:

CARNEGIE-MELLON UNIV PITTSBURGH PA PITTSBURGH United States

Personal Author(s):

Report Date:

2020-01-08

Pagination or Media Count:

16.0

Abstract:

MITRE ATT&CK is made up of TTPs (Tactics, Techniques, Procedures). They are low-level descriptions of adversarial actions, e.g., T1193 Spearphishing Attachment, T1112 Modify Registry, T1056 Input Capture. The community is interested in using ATT&CK for detection, prediction, forensics, and threat hunting because it provides behavioral observables for detecting attacks. Our goal: characterize ATT&CK's structure and usefulness for automated detection, etc., especially of their APT dataset.

Subject Categories:

  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE