Learning the Associations of MITRE ATT&amp;CK Adversarial Techniques

Al-Shaer, Rawan; Spring, Jonathan M.; Christou, Eliana

doi:10.48550/arxiv.2005.01654

Cited by 2 publications

(3 citation statements)

References 6 publications

(8 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These systems comprise stored data, including student and lecturer profile pages, functionalities for the management of files through downloading and uploading various documents, and virtual learning-relevant forum pages. The present research employs a qualitative and descriptive methodology ( Invicti, 2021 ) based on penetration testing techniques ( Al-Shaer, Spring & Christou, 2020 ; Korniyenko et al, 2021 ; The MITRE Corporation, 2021 ; OWASP, 2021b ; Yosifova, 2021 ) to identify essential vulnerabilities in eLMS in Western Balkan HEIs. The primary objective is to discern critical vulnerabilities within eLMSs in HEIs situated in the Western Balkan region.…”

Section: Resultsmentioning

confidence: 99%

“…The process of penetration testing ( Zakaria et al, 2019 ) involves passive analysis of eLMS for weaknesses, technical flaws, or vulnerabilities. According to MITRE ATT&CK and OWASP ( Al-Shaer, Spring & Christou, 2020 ; Korniyenko et al, 2021 ; Pham & Dang, 2018 ; Zare, Zare & Azadi, 2018 ), the primary purpose of penetration tests is to find more effective attack vectors as well as exploit vulnerabilities.…”

Section: Resultsmentioning

confidence: 99%

See 1 more Smart Citation

A lightweight framework for cyber risk management in Western Balkan higher education institutions

Kepuska,

Tomasevic

2024

PeerJ Computer Science

View full text Add to dashboard Cite

Higher education institutions (HEIs) have a significant presence in cyberspace. Data breaches in academic institutions are becoming prevalent. Online platforms in HEIs are a new learning mode, particularly in the post-COVID era. Recent studies on information security indicate a substantial increase in cybersecurity attacks in HEIs, because of their decentralized e-learning structure and diversity of users. In Western Balkans, there is a notable absence of incident response plans in universities, colleges, and academic institutions. Moreover, e-learning management systems have been implemented without considering security. This study proposes a cybersecurity methodology called a lightweight framework with proactive controls to address these challenges. The framework aims to identify cybersecurity vulnerabilities in learning management systems in Western Balkan countries and suggest proactive controls based on a penetration test approach.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Resultsmentioning

confidence: 99%

A lightweight framework for cyber risk management in Western Balkan higher education institutions

Kepuska,

Tomasevic

2024

PeerJ Computer Science

View full text Add to dashboard Cite

show abstract

“…Currently, there is a scarcity of research focused on the use of AI in the Mitre Att&ck model. The most relevant is likely the study conducted in [29], which applied clustering algorithms to determine possible associations of TTPs. On the other hand, and beyond AI, there are studies on the prediction of possible sequences of TTPs using game theory [30] and Markov chains [31].…”

Section: Mitre Attandckmentioning

confidence: 99%

Analysis of Cyber-Intelligence Frameworks for AI Data Processing

Sánchez del Monte,

Hernández-Álvarez

2023

Applied Sciences

View full text Add to dashboard Cite

This paper deals with the concept of cyber intelligence and its components as a fundamental tool for the protection of information today. After that, the main cyber-intelligence frameworks that are currently applied worldwide (Diamond Model, Cyberkill Chain, and Mitre Att&ck) are described to subsequently analyse them through their practical application in a real critical cyber incident, as well as analyse the strengths and weaknesses of each one of them according to the comparison of seventeen variables of interest. From this analysis and considering the two actions mentioned, it is concluded that Mitre Att&ck is the most suitable framework due to its flexibility, permanent updating, and the existence of a powerful database. Finally, an explanation is given for how Mitre Att&ck can be integrated with the research and application of artificial intelligence in the achievement of the objectives set and the development of tools that can serve as support for the detection of the patterns and authorship of cyberattacks.

show abstract

Learning the Associations of MITRE ATT&CK Adversarial Techniques

Cited by 2 publications

References 6 publications

A lightweight framework for cyber risk management in Western Balkan higher education institutions

A lightweight framework for cyber risk management in Western Balkan higher education institutions

Analysis of Cyber-Intelligence Frameworks for AI Data Processing

Contact Info

Product

Resources

About