Wednesday, January 8, 2020 • 10:00am - 10:30am EST
Automating Reasoning with ATT&CK?

MITRE's ATT&CK framework is popular among computer network defense (CND) practitioners. One goal of ATT&CK is to enumerate adversary tactics and organize them under different strategies. This organization enables defenders to label observed adversary activity with tactics, then heuristically hypothesize what other adversary behaviors are likely, based on how that tactic is related to others in the framework. We evaluated how useful this approach would be. Our evaluation is based on measuring correlation and predictiveness among tactics in case studies curated by MITRE and labeled with ATT&CK tactics. We could not find any reliable relationships between tactics or strategies. We believe this is because the ATT&CK framework removed the structure provided by the diamond model. We will explain why model structure is important and what we might gain by restructuring ATT&CK to better capture temporal and structural relationships.
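One way to put the kind of measurement the abstract describes into code, as an added illustration that is not the speakers' code, method, or data: label each incident write-up with the ATT&CK tactics it exhibits, then ask whether seeing one tactic actually raises the odds of seeing another. The eight cases below are constructed (they are not MITRE's curated case studies), the tactic names are assumed to follow ATT&CK's tactic slugs, and conditional probability and lift are chosen here as simple association measures; the page does not say which metrics the speakers used.

```python
from collections import Counter
from itertools import combinations

# Constructed sample input (not MITRE's curated case studies, not the
# speakers' data): each record is the set of ATT&CK tactic labels that a
# hypothetical analyst attached to one incident write-up.
SAMPLE_CASES = [
    {"initial-access", "execution", "persistence", "command-and-control"},
    {"initial-access", "execution", "discovery", "lateral-movement", "exfiltration"},
    {"execution", "privilege-escalation", "defense-evasion", "credential-access"},
    {"initial-access", "execution", "command-and-control", "exfiltration"},
    {"discovery", "lateral-movement", "collection", "exfiltration"},
    {"initial-access", "persistence", "command-and-control"},
    {"execution", "defense-evasion", "discovery", "collection"},
    {"credential-access", "lateral-movement", "collection", "exfiltration"},
]


def tactic_counts(cases):
    """Count how many cases each tactic, and each unordered tactic pair, appears in."""
    singles = Counter()
    pairs = Counter()
    for case in cases:
        singles.update(case)
        pairs.update(combinations(sorted(case), 2))
    return singles, pairs


def conditional_probability(cases, given, target):
    """Estimate P(target labelled | given labelled) as a fraction of cases."""
    with_given = [c for c in cases if given in c]
    if not with_given:
        return 0.0
    return sum(1 for c in with_given if target in c) / len(with_given)


def lift(cases, a, b):
    """P(a and b) / (P(a) * P(b)). A value of 1.0 means the two labels co-occur
    exactly as often as independent labels would, so seeing one tactic tells
    you nothing about whether the other is present."""
    n = len(cases)
    p_a = sum(1 for c in cases if a in c) / n
    p_b = sum(1 for c in cases if b in c) / n
    p_ab = sum(1 for c in cases if a in c and b in c) / n
    if p_a == 0 or p_b == 0:
        return 0.0
    return p_ab / (p_a * p_b)


def rank_pairs(cases, min_support=2):
    """Tactic pairs seen together in at least min_support cases, strongest
    association first. Each row: (a, b, support, P(b|a), P(a|b), lift)."""
    _, pairs = tactic_counts(cases)
    rows = [
        (a, b, n,
         conditional_probability(cases, a, b),
         conditional_probability(cases, b, a),
         lift(cases, a, b))
        for (a, b), n in pairs.items()
        if n >= min_support
    ]
    # Strongest lift first; ties broken alphabetically so the output is stable.
    rows.sort(key=lambda r: (-r[5], r[0], r[1]))
    return rows


def uninformative_pairs(cases, tolerance=0.25, min_support=2):
    """Pairs whose lift is within `tolerance` of 1.0: co-occurrence is about
    what independence predicts, so one label does not usefully predict the other."""
    return [r for r in rank_pairs(cases, min_support) if abs(r[5] - 1.0) <= tolerance]


if __name__ == "__main__":
    print(f"{'tactic A':<22}{'tactic B':<22}{'n':>3}{'P(B|A)':>8}{'P(A|B)':>8}{'lift':>7}")
    for a, b, n, p_ba, p_ab, lf in rank_pairs(SAMPLE_CASES):
        print(f"{a:<22}{b:<22}{n:>3}{p_ba:>8.2f}{p_ab:>8.2f}{lf:>7.2f}")
```

With only eight constructed cases the numbers are there to show the computation, not to say anything about ATT&CK; on real corpora the pair counts are small enough that a significance test (or at least a support threshold well above 2) is needed before a high lift is read as a relationship rather than noise, and lift alone says nothing about order in time, which is the structural gap the abstract points at.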

Contributor Unable to Attend:
Rawan Al-Shaer is a double major in Computer Science (Cybersecurity) and Mathematics (Statistics) at the University of North Carolina at Charlotte. Her main research interest is statistical machine learning for cybersecurity, applied to adversarial behavior characterization.

Jonathan "Jono" Spring

Senior Vulnerability Researcher, Carnegie Mellon University Software Engineering Institute
Dr. Jonathan Spring is a senior member of the technical staff with the CERT division of the Software Engineering Institute at Carnegie Mellon University. He began working at CERT in 2009. Prior posts include adjunct professor at the University of Pittsburgh’s School of Information...

Regency Ballroom, Hyatt Regency Savannah, 2 W. Bay Street, Savannah, GA 31401