Accession Number:

AD1107945

Title:

Finding Cyber Threats with ATT&CK®-Based Analytics

Descriptive Note:

Technical Report

Corporate Author:

MITRE CORP ANNAPOLIS JUNCTION MD ANNAPOLIS JUNCTION United States

Report Date:

2017-06-01

Pagination or Media Count:

53.0

Abstract:

Post-compromise intrusion detection of cyber adversaries is an important capability for network defenders as adversaries continue to evolve methods for compromising systems and evading common defenses. This paper presents a methodology for using the MITRE ATT&CK framework, a behavioral-based threat model, to identify relevant defensive sensors and build, test, and refine behavioral-based analytic detection capabilities using adversary emulation. This methodology can be applied to enhance enterprise network security through defensive gap analysis, endpoint security product evaluations, building and tuning behavioral analytics for a particular environment, and performing validation of defenses against a common threat model using a red team emulating known adversary behavior.

Subject Categories:

  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE