An ATT&CK-KG for Linking Cybersecurity Attacks to Adversary Tactics and Techniques

Kabul Kurniawan, Andreas Ekelhart, Elmar Kiesling
2021 International Semantic Web Conference  
Leveraging knowledge graph techniques to detect and analyze cyber attacks is a promising research direction at the interface between the semantic web and security research communities. In this paper, we build on prior work and develop a vocabulary to extend a cybersecurity knowledge graph with adversary tactics and techniques. Using this vocabulary, we represent rich threat intelligence instance data from MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) in a knowledge graph. This knowledge can be used to contextualize indicators of compromise from log messages, identify potential attack steps, and link them to cybersecurity knowledge. To demonstrate the benefits of the approach, we link low-level threat alerts produced by community rules to the cybersecurity knowledge graph.
dblp:conf/semweb/KurniawanEK21 fatcat:4cyvnaty5ze4hdolgv462ei6sm