Automating Reasoning with ATT&CK
CARNEGIE-MELLON UNIV PITTSBURGH PA PITTSBURGH United States
MITRE ATT&CK is made up of TTPs (Tactics, Techniques, Procedures). They are low-level descriptions of adversarial actions, e.g. T1193 Spearphishing Attachment, T1112 Modify Registry, T1056 Input Capture. The community is interested in using ATT&CK for detection, prediction, forensics, and threat hunting because it provides behavioral observables for detecting attacks. Our goal: characterize ATT&CK's structure and usefulness for automated detection, etc., especially of their APT dataset.
- Computer Systems Management and Standards