P. Rajesh, Mansoor Alam, M. Tahernezhadi, A. Monika, G. Chanakya
Title: Analysis Of Cyber Threat Detection And Emulation Using MITRE Attack Framework
DOI: 10.1109/IDSTA55301.2022.9923170 (https://doi.org/10.1109/IDSTA55301.2022.9923170)
Venue: 2022 International Conference on Intelligent Data Science Technologies and Applications (IDSTA)
Publication date: 2022-09-05
Citation count: 5
Abstract
With the rapid increase in cyber-attacks, threat hunters, such as Cyber Threat Intelligence (CTI) teams, need to analyze the different techniques employed by adversaries to reach a target objective. Attacker objectives range from entering your network, accessing system files and folders remotely, obtaining higher system privileges and stealing confidential passwords to destroying systems and networks. Pre-attack patterns defined in an enterprise knowledge base can play a major role in tracking adversary techniques and procedures in order to defend against and respond to such attacks. Anomalous and intrusion activities need to be unfolded through the approach adversaries adopt to demolish secure enterprise networks. An appropriate system is required to better handle the modern attack approaches and strategies used by attackers, in order to identify vulnerabilities and successfully defend network channels. In this paper, we present an in-depth analysis of different threat detection methods and how to mitigate their impacts using the MITRE ATT&CK framework. This framework is an extensive and freely accessible knowledge repository of tactics, techniques and procedures (TTPs) that gives insight into which techniques adversaries are using in real-time applications, which aids in developing robust threat-control programs in the private sector, government, and the cybersecurity community.