The Attacker Might Also Do Next: ATT&CK Behavior Forecasting by Attacker-based Collaborative Filtering and Graph Databases

Abstract: Cyber attacks are causing tremendous damage around the world. To protect against attacks, many organizations have established or outsourced Security Operation Centers (SOCs) to check a large number of logs daily. Since there is no perfect countermeasure against cyber attacks, it is necessary to detect signs of intrusion quickly to mitigate damage caused by them. However, it is challenging to analyze a lot of logs obtained from PCs and servers inside an organization. Therefore, there is a need for a method of e… Show more

“…Their proposed method can help people to predict cyberattacks. Kuwano et al (2022Kuwano et al ( , 2023 proposed a method to predict additionally compromised devices by lateral movement from an initially infected one using quantification theory type 3 and the ATT&CK technique. This method maps the logs of each device to ATT&CK techniques and predicts the infected device by calculating the similarity score of different devices' logs.…”

Predicting and Visualizing Lateral Movements Based on ATT&CK and Quantification Theory Type 3

“…Their proposed method can help people to predict cyberattacks. Kuwano et al (2022Kuwano et al ( , 2023 proposed a method to predict additionally compromised devices by lateral movement from an initially infected one using quantification theory type 3 and the ATT&CK technique. This method maps the logs of each device to ATT&CK techniques and predicts the infected device by calculating the similarity score of different devices' logs.…”

Predicting and Visualizing Lateral Movements Based on ATT&CK and Quantification Theory Type 3