MITRE ATT&CK: State of the Art and Way Forward
Bader Al-Sada, Alireza Sadighian, Gabriele Oligeri

TL;DR
This paper reviews over fifty research contributions utilizing the MITRE ATT&CK framework, analyzing their methodologies, applications, and future research directions in threat modeling and cyber-threat intelligence.
Contribution
To the authors' knowledge, it is the first comprehensive analysis of current research leveraging the MITRE ATT&CK framework, categorizing methodologies and identifying open issues.
Findings
Most studies focus on threat modeling and detection.
Diverse application scenarios and methodologies are identified.
Open issues include data integration and real-time analysis.
Abstract
MITRE ATT&CK is a comprehensive framework of adversary tactics, techniques and procedures based on real-world observations. It has been used as a foundation for threat modelling in different sectors, such as government, academia and industry. To the best of our knowledge, no previous work has been devoted to the comprehensive collection, study and investigation of the current state of the art leveraging the MITRE ATT&CK framework. We select and inspect more than fifty major research contributions, while conducting a detailed analysis of their methodology and objectives in relation to the MITRE ATT&CK framework. We provide a categorization of the identified papers according to different criteria such as use cases, application scenarios, adopted methodologies and the use of additional data. Finally, we discuss open issues and future research directions involving not only the MITRE ATT&CK…
Taxonomy
Topics: Information and Cyber Security · Advanced Malware Detection Techniques · Network Security and Intrusion Detection
