Validating the Meta Attack Language using MITRE ATT&CK matrix

This is a Bachelor's thesis from KTH/School of Electrical Engineering and Computer Science (EECS)

Authors: Oscar Åberg; Edvin Sparf; [2019]

Abstract: When more and more devices are getting connected to each other and to the internet, the security of such devices becomes increasingly important. For large organizations with hundreds or even thousands of connected devices, it can be hard to determine the weak spots of the network in terms of security. A way of finding these weak spots is by using threat modelling. One language which can be used for this is the Meta Attack Language (MAL). The purpose of this report is to study which types of cyber attacks can be expressed with MAL. To do so, eleven different attack techniques from the cyber attack database MITRE ATT&CK matrix are implemented in MAL. The report shows that many different attacks can be implemented in MAL. Since all of the randomly selected attacks were possible to implement in MAL, this suggests that it is possible to implement all of the attacks from the MITRE ATT&CK matrix in MAL.

