Enhancing the STIX Representation of MITRE ATT&CK for Group Filtering and Technique Prioritization
Mateusz Zych, Vasileios Mavroeidis

TL;DR
This paper extends the STIX 2.1 representation of MITRE ATT&CK groups with contextual properties (group motivations, countries of origin, and targeted sectors and countries) so that threat groups, and the techniques they use, can be filtered and prioritized with precise queries.
Contribution
It introduces an enhanced STIX 2.1 representation of the ATT&CK Groups knowledge base that attaches additional contextual information to activity groups, enabling group filtering and technique prioritization by context.
Findings
Enhanced STIX model supports complex queries
Improved filtering of threat groups based on new context
Facilitates targeted threat intelligence retrieval
Abstract
In this paper, we enhance the machine-readable representation of the ATT&CK Groups knowledge base provided by MITRE in STIX 2.1 format to make available and queryable additional types of contextual information. Such information includes the motivations of activity groups, the countries they have originated from, and the sectors and countries they have targeted. We demonstrate how to utilize the enhanced model to construct intelligible queries to filter activity groups of interest and retrieve relevant tactical intelligence.
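The kind of query the abstract describes, as an added example that is not the paper's code or data: a small, constructed STIX 2.1 object set in which intrusion-sets carry a `primary_motivation`, point at `location` objects through `originates-from` and `targets` relationships, point at sector `identity` objects through `targets`, and point at `attack-pattern` objects through `uses`. The group names, placeholder country codes (XA, XB), technique IDs (T9001, T9002) and object identifiers are all made up; the paper's exact modelling choices are not shown on this page, so the use of these standard STIX 2.1 relationship types is an assumption. The filter returns the groups matching every supplied criterion, and the prioritizer ranks techniques by how many of the selected groups use them.

```python
"""Filter STIX 2.1 intrusion-sets by context and rank the techniques they use.

Added example, not the paper's code. All objects below are constructed sample
data with placeholder identifiers; modelling choices are assumptions.
"""
from collections import Counter

_NS = "0c8b1a34-9d1e-4d3a-8f1c-1a2b3c4d5e"  # placeholder UUID prefix
LOC_XA, LOC_XB = f"location--{_NS}01", f"location--{_NS}02"
ID_FIN, ID_ENERGY = f"identity--{_NS}11", f"identity--{_NS}12"
AP_A, AP_B = f"attack-pattern--{_NS}21", f"attack-pattern--{_NS}22"
G_ALPHA, G_BETA = f"intrusion-set--{_NS}31", f"intrusion-set--{_NS}32"


def _rel(n, src, rel_type, tgt):
    """Build a minimal STIX 2.1 relationship object (placeholder id)."""
    return {"type": "relationship", "id": f"relationship--{_NS}{n:02d}",
            "relationship_type": rel_type, "source_ref": src, "target_ref": tgt}


# Constructed sample data: XA/XB are not real country codes, T9001/T9002 are
# not real ATT&CK technique IDs, and the groups are fictional.
SAMPLE_OBJECTS = [
    {"type": "location", "id": LOC_XA, "name": "Country XA", "country": "XA"},
    {"type": "location", "id": LOC_XB, "name": "Country XB", "country": "XB"},
    {"type": "identity", "id": ID_FIN, "name": "Financial services sector",
     "identity_class": "class", "sectors": ["financial-services"]},
    {"type": "identity", "id": ID_ENERGY, "name": "Energy sector",
     "identity_class": "class", "sectors": ["energy"]},
    {"type": "attack-pattern", "id": AP_A, "name": "Technique Alpha",
     "external_references": [{"source_name": "mitre-attack", "external_id": "T9001"}]},
    {"type": "attack-pattern", "id": AP_B, "name": "Technique Beta",
     "external_references": [{"source_name": "mitre-attack", "external_id": "T9002"}]},
    {"type": "intrusion-set", "id": G_ALPHA, "name": "Sample Group Alpha",
     "primary_motivation": "organizational-gain"},
    {"type": "intrusion-set", "id": G_BETA, "name": "Sample Group Beta",
     "primary_motivation": "ideology"},
    _rel(41, G_ALPHA, "originates-from", LOC_XA),
    _rel(42, G_ALPHA, "targets", ID_FIN),
    _rel(43, G_ALPHA, "targets", LOC_XB),
    _rel(44, G_ALPHA, "uses", AP_A),
    _rel(45, G_BETA, "originates-from", LOC_XB),
    _rel(46, G_BETA, "targets", ID_ENERGY),
    _rel(47, G_BETA, "uses", AP_A),
    _rel(48, G_BETA, "uses", AP_B),
]


def filter_groups(objects, motivation=None, origin_country=None,
                  target_country=None, target_sector=None):
    """Return sorted names of intrusion-sets matching every given criterion."""
    by_id = {o["id"]: o for o in objects}
    rels = [o for o in objects if o["type"] == "relationship"]

    def related(src_id, rel_type):
        # Objects reachable from src_id over relationships of the given type.
        return [by_id[r["target_ref"]] for r in rels
                if r["source_ref"] == src_id and r["relationship_type"] == rel_type]

    hits = []
    for g in objects:
        if g["type"] != "intrusion-set":
            continue
        if motivation and g.get("primary_motivation") != motivation:
            continue
        origins = {o.get("country") for o in related(g["id"], "originates-from")}
        if origin_country and origin_country not in origins:
            continue
        targets = related(g["id"], "targets")
        countries = {t.get("country") for t in targets if t["type"] == "location"}
        sectors = {s for t in targets if t["type"] == "identity"
                   for s in t.get("sectors", [])}
        if target_country and target_country not in countries:
            continue
        if target_sector and target_sector not in sectors:
            continue
        hits.append(g["name"])
    return sorted(hits)


def prioritize_techniques(objects, group_names):
    """Rank ATT&CK technique IDs by how many of the named groups use them."""
    by_id = {o["id"]: o for o in objects}
    selected = {o["id"] for o in objects
                if o["type"] == "intrusion-set" and o["name"] in group_names}
    counts = Counter()
    for r in objects:
        if (r["type"] == "relationship" and r["relationship_type"] == "uses"
                and r["source_ref"] in selected):
            for ref in by_id[r["target_ref"]].get("external_references", []):
                if ref.get("source_name") == "mitre-attack":
                    counts[ref["external_id"]] += 1
    return counts.most_common()


if __name__ == "__main__":
    groups = filter_groups(SAMPLE_OBJECTS, origin_country="XA", target_sector="financial-services")
    print("groups:", groups)
    print("techniques:", prioritize_techniques(SAMPLE_OBJECTS, groups))
```

Every criterion is conjunctive, so narrowing from "all groups" to "groups from XA that target the financial sector" is one call with two keyword arguments; the technique ranking over the surviving groups is what turns the group filter into a prioritization of what to detect or emulate first.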
Taxonomy
Topics: Military Strategy and Technology · Scientific Computing and Data Management · Advanced Computational Techniques and Applications
