Automation of Translating MITRE ATT&CK Pseudocode to Executable Scripts

Authors:
  1. Montoya, Raul Alexsander Castro (1)
  2. Byari, Hamza Hmiddouch El (1)
  3. Vanegas, Andrea Villacis (1)
  4. Ojeda, Ivan Quiñonero Martinez de (1)
  5. Cano, Maria-Dolores (1)

Affiliation:
  (1) Universidad Politécnica de Cartagena, Cartagena, Spain (ROR: https://ror.org/02k5kx966)

Proceedings:
2024 IEEE International Workshop on Technologies for Defense and Security (TechDefense)

Publisher: IEEE

ISBN: 979-8-3315-0558-5

Year of publication: 2024

Pages: 368-373

Type: Conference paper

DOI: 10.1109/TECHDEFENSE63521.2024.10863377

Abstract

The field of cybersecurity is vital for safeguarding organizational systems against advanced threats. The MITRE ATT&CK framework outlines numerous adversarial tactics and techniques. However, translating these high-level descriptions into actionable detection scripts remains challenging. In this preliminary study, we introduce an automated method for transforming MITRE ATT&CK pseudocode into operational Python scripts. Our approach effectively extracts and converts conditions, creating dependable scripts validated through extensive testing. This automation closes the gap between theoretical threat intelligence and practical application, enhancing efficiency and accuracy over manual scripting methods. Consequently, our results facilitate the rapid deployment of effective detection mechanisms, strengthening defenses against new threats. This ongoing work underscores the importance of automated tools in enhancing cybersecurity capabilities across various industries.
