Threat-Informed Defense for Cloud Security
Use our latest mappings to replace assumption-driven cloud defense with evidence-based decisions to stop cloud adversaries in their tracks. With …
August 24, 2023
Project Summary
The cybersecurity community has been working for years to automatically identify adversary tactics, techniques, and procedures (TTPs) in cyber threat intelligence (CTI) reports. With some advances in machine learning and artificial intelligence, TRAM is a solution that is measurably effective at solving that problem.
Previous iterations of the Threat Report ATT&CK Mapper (TRAM) focused on creating a data annotation tool and using supervised learning methods to extract and predict TTPs. Our latest project improves the quality of the training data and makes effective use of fine-tuned Large Language Models (LLMs) for model training and predictions. We have improved the speed and accuracy of TTP mappings to meet the demands of defenders.
Problem
The cybersecurity community needs to identify which adversary tactics, techniques, and procedures (TTPs) are found in cyber threat intelligence (CTI) reports. This task of mapping TTPs is difficult, error-prone, and time-consuming.
Solution
Train a Large Language Model on data for the Threat Report ATT&CK Mapping (TRAM) tool to automatically find TTPs.
Impact
CTI analysts will automatically, accurately, and efficiently identify ATT&CK TTPs in CTI reports.
Funding Research Participants
Explore More of Our Work:
INFORM Your Defense
MITRE INFORM is a program-level assessment designed to show how threat-informed your organization is and where to improve next across cyber …
Attack Flow v3
With Attack Flow, you will capture the entire attack and communicate what matters!
Stay Informed
Sign up for our "Stay Informed" mailing list to receive announcements for project publications, upcoming events, and other news about the Center.