
We have recently submitted a paper to a conference that explores the MITRE ATT&CK Framework's use cases and applications in research and practice. Currently, you can read the preprint on arXiv.

The paper provides a comprehensive review of the MITRE ATT&CK Framework, which has become an essential tool in the cybersecurity industry and academic research. We address several research questions, including how the framework has been used in cybersecurity research, how to categorize literature that uses ATT&CK, and what gaps and discrepancies exist in the literature.

The paper makes several contributions to the field, including a systematic review of existing research on ATT&CK, a taxonomy for categorizing literature that uses ATT&CK, identification of key directions for future work, and insights for academics and practitioners on the practical implementation and evaluation of ATT&CK.

The MITRE ATT&CK Framework has become an essential tool in the cybersecurity industry and academic research. However, despite its popularity, there is a lack of systematic reviews of its applications and research. Our recent paper aims to fill this gap by providing a comprehensive review of the framework and proposing a taxonomy for categorizing literature that uses ATT&CK.

Our paper addresses several research questions, including:

  • How does the use of ATT&CK contribute to cybersecurity research?
  • In what application domains and use cases has ATT&CK been employed in the literature?
  • What are some important gaps and discrepancies in the literature on ATT&CK?

Our paper makes several contributions to the field, including:

  • A systematic review of existing research on ATT&CK
  • A taxonomic systematization of literature that uses ATT&CK
  • Identification of key directions for future work
  • Insights for academics and practitioners alike on the practical implementation and evaluation of ATT&CK

One of the key takeaways from our review is that ATT&CK is useful in a wide range of application areas, including:

  • Threat intelligence
  • Threat hunting
  • Incident response
  • Risk management
  • Red teaming
  • Vulnerability assessment
  • Cybersecurity education

Overall, our paper provides valuable insights into the applications of and research on the MITRE ATT&CK Framework. We hope that our work will serve as a foundation for future studies exploring this important tool in cybersecurity.

For more details, check out the preprint on arXiv.
