http://dx.doi.org/10.13089/JKIISC.2022.32.4.673

An APT Attack Scoring Method Using MITRE ATT&CK

Cho, Sungyoung (Agency for Defense Development)
Park, Yongwoo (Agency for Defense Development)
Lee, Kunho (Agency for Defense Development)
Choi, Changhee (Agency for Defense Development)
Shin, Chanho (Agency for Defense Development)
Lee, Kyeongsik (Agency for Defense Development)
Abstract
We propose an APT attack scoring method as part of the process for detecting and responding to APT attacks. First, unlike previous work that relied on inconsistent and subjective factors determined by cyber security experts when scoring cyber attacks, we identify quantifiable factors from the components of MITRE ATT&CK techniques and propose a method of quantifying each identified factor. Then, we propose a method of calculating the score of a unit attack technique from the quantified factors, and the score of an entire APT attack composed of one or more attack techniques. We demonstrate that the threat level and urgency of cyber attacks can be quantified by applying the proposed scoring method to APT attack reports that contain hundreds of APT attack cases that occurred worldwide. Using our work, it becomes possible to determine whether an actual cyber attack has occurred during APT attack detection, and to respond first to the more urgent and important cyber attacks by estimating the priority of APT attacks.
Keywords
MITRE ATT&CK; Techniques; Scoring; Quantification; Threat Prioritization;
Times Cited By KSCI: 1