MITRE ATT&CK® targets classifier

MITRE ATT&CK® is a knowledge base of attack tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.

For companies that are starting to implement Threat Intelligence and plan to use the MITRE ATT&CK framework, it can be useful to focus first on tactics and techniques that have already been used against companies from the same domain (government, energy, research etc.), or against targets that rely on the same infrastructure (Linux or Windows, on-premise or cloud etc.).

The classifier itself can be simple (keyword-based) or more advanced (ML- or AI-based).

Goal

The goal of this project is to develop a classifier that can group and present the different information available on MITRE ATT&CK (tools, techniques, hacking groups) according to the type of target (government, energy, research etc.), and also according to the type of infrastructure (Windows, Linux, on-premise, cloud etc.).

There are different possibilities to implement the classifier.
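A minimal sketch of the simple keyword-based variant, added here as an illustration and not the project's own code. It assumes the input follows the ATT&CK STIX layout (`intrusion-set`, `attack-pattern` and `uses` relationship objects, with `x_mitre_platforms` on techniques); the keyword map, the function names and the sample entries are constructed for the example.

```python
import re
from collections import defaultdict

# Hypothetical keyword map; a real project would curate and extend it.
SECTOR_KEYWORDS = {
    "government": ["government", "ministry", "diplomatic"],
    "energy": ["energy", "oil", "gas", "utility", "utilities"],
    "research": ["research", "university", "academic"],
}

# Constructed sample in the shape of an ATT&CK STIX bundle (not real ATT&CK entries).
SAMPLE_OBJECTS = [
    {"type": "intrusion-set", "id": "intrusion-set--a", "name": "ExampleGroup A",
     "description": "Has targeted government ministries and energy utilities."},
    {"type": "intrusion-set", "id": "intrusion-set--b", "name": "ExampleGroup B",
     "description": "Known for campaigns against university research labs."},
    {"type": "attack-pattern", "id": "attack-pattern--1",
     "name": "Example Technique 1", "x_mitre_platforms": ["Windows"]},
    {"type": "attack-pattern", "id": "attack-pattern--2",
     "name": "Example Technique 2", "x_mitre_platforms": ["Linux", "IaaS"]},
    {"type": "relationship", "relationship_type": "uses",
     "source_ref": "intrusion-set--a", "target_ref": "attack-pattern--1"},
    {"type": "relationship", "relationship_type": "uses",
     "source_ref": "intrusion-set--a", "target_ref": "attack-pattern--2"},
    {"type": "relationship", "relationship_type": "uses",
     "source_ref": "intrusion-set--b", "target_ref": "attack-pattern--2"},
]

def sectors_of(description):
    """Return the sectors whose keywords occur as whole words in the text."""
    words = set(re.findall(r"[a-z]+", description.lower()))
    return {s for s, kws in SECTOR_KEYWORDS.items() if words & set(kws)}

def classify(objects, platform=None):
    """Map sector -> technique names used by groups tagged with that sector,
    optionally keeping only techniques that list the given platform."""
    by_id = {o["id"]: o for o in objects if "id" in o}
    result = defaultdict(set)
    for rel in objects:
        if rel["type"] != "relationship" or rel.get("relationship_type") != "uses":
            continue
        group, tech = by_id.get(rel["source_ref"]), by_id.get(rel["target_ref"])
        if not (group and tech and group["type"] == "intrusion-set"
                and tech["type"] == "attack-pattern"):
            continue
        if platform and platform not in tech.get("x_mitre_platforms", []):
            continue
        for sector in sectors_of(group.get("description", "")):
            result[sector].add(tech["name"])
    return {s: sorted(t) for s, t in result.items()}
```

Whole-word matching keeps a keyword such as "gas" from matching unrelated words, but free-text descriptions still produce false positives and misses, which is where an ML-based variant would be compared against this baseline.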

Expected outcome

  • source code of the tool on our GitLab server
  • including basic testing (code style, unit testing)
  • 1 blog post
  • 1 poster
  • a project report documenting the code

Required skills

To start this project you should have some knowledge of a programming language.

Tools and technologies

To carry out this project, you will use the following tools and technologies:

  • use git to manage your source code
  • use GitLab to implement Continuous Integration (CI)

Interested?

Contact us
