TY - JOUR
T1 - MITRE ATT&CK
T2 - State of the Art and Way Forward
AU - Al-Sada, Bader
AU - Sadighian, Alireza
AU - Oligeri, Gabriele
N1 - Publisher Copyright:
© 2024 held by the owner/author(s).
PY - 2025/1
Y1 - 2025/1
N2 - MITRE ATT&CK is a comprehensive framework of adversary tactics, techniques, and procedures based on real-world observations. It has been used as a foundation for threat modeling in different sectors, such as government, academia, and industry. To the best of our knowledge, no previous work has been devoted to the comprehensive collection, study, and investigation of the current state of the art leveraging the MITRE ATT&CK framework. We select and inspect more than 50 major research contributions, while conducting a detailed analysis of their methodology and objectives in relation to the MITRE ATT&CK framework. We provide a categorization of the identified papers according to different criteria such as use cases, application scenarios, adopted methodologies, and the use of additional data. Finally, we discuss open issues and future research directions involving not only the MITRE ATT&CK framework but also the fields of threat analysis, threat modeling, and, in general, cyber-threat intelligence.
AB - MITRE ATT&CK is a comprehensive framework of adversary tactics, techniques, and procedures based on real-world observations. It has been used as a foundation for threat modeling in different sectors, such as government, academia, and industry. To the best of our knowledge, no previous work has been devoted to the comprehensive collection, study, and investigation of the current state of the art leveraging the MITRE ATT&CK framework. We select and inspect more than 50 major research contributions, while conducting a detailed analysis of their methodology and objectives in relation to the MITRE ATT&CK framework. We provide a categorization of the identified papers according to different criteria such as use cases, application scenarios, adopted methodologies, and the use of additional data. Finally, we discuss open issues and future research directions involving not only the MITRE ATT&CK framework but also the fields of threat analysis, threat modeling, and, in general, cyber-threat intelligence.
KW - Cyber-threat intelligence
KW - MITRE ATT&CK framework
KW - Security risk analysis
UR - http://www.scopus.com/inward/record.url?scp=85209934435&partnerID=8YFLogxK
U2 - 10.1145/3687300
DO - 10.1145/3687300
M3 - Article
AN - SCOPUS:85209934435
SN - 0360-0300
VL - 57
JO - ACM Computing Surveys
JF - ACM Computing Surveys
IS - 1
M1 - 12
ER -