Secure AI
A collaboration with MITRE ATLAS™ to advance security for AI–enabled systems that takes a threat-informed approach, enables rapid exchange of new …
May 13, 2025
Project Summary
Building upon the research of Summiting the Pyramid, Ambiguous Techniques is a methodology to determine malicious intent behind seemingly benign behavior by applying contextual analysis to ATT&CK techniques. Reduce false positives and uncover adversarial use of living-off-the-land activity.
This is an old version of the Ambiguous Techniques project. For the latest version, see: Ambiguous Techniques.
Problem
Many ATT&CK techniques, especially those used in living-off-the-land activity, produce observables that are indistinguishable from benign behavior, making it difficult for defenders to determine malicious intent and resulting in unreliable or overly noisy detections.
Solution
Create a methodology that uses the surrounding context of a detection event to infer the intent of the actor, thus removing the ambiguity.
Impact
Reduce false positives and improve detection accuracy so defenders can prioritize the alerts that truly matter.
Funding Research Participants
Explore More of Our Work:
Fight Financial Fraud
The Fight Fraud Framework strengthens fraud analysis by giving teams a clear behavioral structure to identify risks, focus investigations, and …
Ambiguous Techniques
With Ambiguous Techniques, you will reduce false positives, focus on the highest‑value log sources, and uncover adversarial use of …
Stay Informed
Sign up for our "Stay Informed" mailing list to receive announcements for project publications, upcoming events, and other news about the Center.