To label attack behavior, we use MITRE ATT&CK. MITRE ATT&CK is a knowledge base of adversary tactics and techniques built from real-world observations and organized along the attack lifecycle. It is updated regularly as new attack types are observed, so the attacks it catalogues are represented systematically. In the ATT&CK matrix, attack methods are classified by tactics (the adversary's goal), techniques and sub-techniques (how that goal is achieved), and procedures (specific observed implementations), collectively TTPs, which lets security researchers recognize suspicious behavior by a shared name. Our system also uses ATT&CK TTPs to label attack behavior.
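As an added illustration of what an ATT&CK TTP label resolves to (this is not code from the original paper or its system), the block below builds a technique index from a STIX 2.1 bundle in the shape MITRE publishes (attack-pattern and x-mitre-tactic objects) and attaches tactic, technique and sub-technique labels to a few detection events. The bundle and the events are hand-constructed excerpts for the example, not the real data set; the field names follow the published format, and the handful of technique IDs used are well-known ones chosen for illustration. It also shows two checks a labeller needs: resolving a sub-technique to its parent technique, and skipping revoked or deprecated entries so stale IDs are never used as labels.

```python
"""Resolve MITRE ATT&CK TTP labels (tactic / technique / sub-technique)
from a STIX 2.1 bundle. BUNDLE is a constructed excerpt in the published
shape, not the real data set."""

from dataclasses import dataclass
from typing import Optional

# Constructed bundle; the real one comes from MITRE's attack-stix-data repository.
BUNDLE = {
    "type": "bundle",
    "objects": [
        {"type": "x-mitre-tactic", "name": "Execution", "x_mitre_shortname": "execution",
         "external_references": [{"source_name": "mitre-attack", "external_id": "TA0002"}]},
        {"type": "x-mitre-tactic", "name": "Persistence", "x_mitre_shortname": "persistence",
         "external_references": [{"source_name": "mitre-attack", "external_id": "TA0003"}]},
        {"type": "x-mitre-tactic", "name": "Privilege Escalation",
         "x_mitre_shortname": "privilege-escalation",
         "external_references": [{"source_name": "mitre-attack", "external_id": "TA0004"}]},
        {"type": "attack-pattern", "name": "Command and Scripting Interpreter",
         "x_mitre_is_subtechnique": False,
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}],
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1059"}]},
        {"type": "attack-pattern", "name": "PowerShell",
         "x_mitre_is_subtechnique": True,
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}],
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1059.001"}]},
        {"type": "attack-pattern", "name": "Scheduled Task/Job",
         "x_mitre_is_subtechnique": False,
         "kill_chain_phases": [
             {"kill_chain_name": "mitre-attack", "phase_name": "execution"},
             {"kill_chain_name": "mitre-attack", "phase_name": "persistence"},
             {"kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation"}],
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1053"}]},
        # Revoked entries remain in the bundle; a labeller must skip them.
        {"type": "attack-pattern", "name": "Scripting", "revoked": True,
         "x_mitre_is_subtechnique": False,
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}],
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1064"}]},
    ],
}


@dataclass
class Technique:
    id: str
    name: str
    tactics: list            # tactic IDs (TAxxxx), in the order the bundle lists them
    parent: Optional[str]    # parent technique ID when this is a sub-technique


def attack_id(obj):
    """Return the ATT&CK external ID (Txxxx / TAxxxx) of a STIX object, or None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None


def build_index(bundle):
    """Map technique ID -> Technique, resolving kill-chain phase names to tactic IDs."""
    shortname_to_tactic = {obj["x_mitre_shortname"]: attack_id(obj)
                           for obj in bundle["objects"] if obj["type"] == "x-mitre-tactic"}
    index = {}
    for obj in bundle["objects"]:
        if obj["type"] != "attack-pattern":
            continue
        if obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue  # stale entries must never become labels
        tid = attack_id(obj)
        tactics = [shortname_to_tactic[p["phase_name"]]
                   for p in obj.get("kill_chain_phases", [])
                   if p.get("kill_chain_name") == "mitre-attack"]
        parent = tid.split(".")[0] if obj.get("x_mitre_is_subtechnique") else None
        index[tid] = Technique(tid, obj["name"], tactics, parent)
    return index


def label(tid, index):
    """Return the TTP label for a technique ID; KeyError if unknown or revoked."""
    t = index[tid]
    lab = {"technique": t.id, "name": t.name, "tactics": t.tactics}
    if t.parent:
        lab["parent"] = t.parent
        lab["parent_name"] = index[t.parent].name if t.parent in index else None
    return lab


def label_events(events, index):
    """Attach ATT&CK labels to detection events; unknown or revoked IDs get None."""
    out = []
    for ev in events:
        try:
            lab = label(ev["technique"], index)
        except KeyError:
            lab = None
        out.append({**ev, "attack": lab})
    return out


# Constructed detection events, in the form a labeller would receive them.
EVENTS = [
    {"host": "ws01", "detail": "powershell.exe -nop -w hidden", "technique": "T1059.001"},
    {"host": "ws01", "detail": "schtasks /create", "technique": "T1053"},
    {"host": "ws02", "detail": "wscript.exe", "technique": "T1064"},  # revoked ID
]

if __name__ == "__main__":
    for ev in label_events(EVENTS, build_index(BUNDLE)):
        print(ev["host"], ev["technique"], ev["attack"])
```

The tactic list is kept per technique rather than collapsed to one entry because a single technique such as T1053 legitimately belongs to several tactics; a label that picks only the first would misstate the adversary's goal in the other phases.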