Security Stack Mappings – Hardware-Enabled Defense
The Security Stack Mappings – Hardware-Enabled Defense project demonstrates full stack threat-informed defense, from the hardware board to the …
August 24, 2023
Project Summary
The cybersecurity community has been working for years to automatically identify adversary tactics, techniques, and procedures (TTPs) in cyber threat intelligence (CTI) reports. With some advances in machine learning and artificial intelligence, TRAM is a solution that is measurably effective at solving that problem.
Previous iterations of the Threat Report ATT&CK Mapper (TRAM) focused on creating a data annotation tool and using supervised learning methods to extract and predict TTPs. Our latest project improves the quality of the training data and makes effective use of fine-tuned Large Language Models (LLMs) for model training and predictions. We have improved the speed and accuracy of TTP mappings to meet the demands of defenders.
Problem
The cybersecurity community needs to identify which adversary tactics, techniques, and procedures (TTPs) are found in cyber threat intelligence (CTI) reports. This task of mapping TTPs is difficult, error-prone, and time-consuming.
Solution
Train a Large Language Model on data for the Threat Report ATT&CK Mapping (TRAM) tool to automatically find TTPs.
Impact
CTI analysts will automatically, accurately, and efficiently identify ATT&CK TTPs in CTI reports.
Funding Research Participants
Explore More of Our Work:
Summiting the Pyramid
Summiting the Pyramid (STP) creates a methodology to score analytics against the pyramid of pain, helping defenders create more robust detections …
Secure AI
A collaboration with MITRE ATLAS™ to advance security for AI–enabled systems that takes a threat-informed approach, enables rapid exchange of new …
Stay Informed
Sign up for the Center's "Stay Informed" newsletter to get notified for new project releases and upcoming events.