authorimg

finding cyber threats with implementation of different tactic categories in mitre att&ck

Ileana

5.0

Here is Your Sample Download Sample 📩

Introduction

Cyber technology has been on the rise from the beginning of the 20th century. The technology has seen so many changes in the last 10 years; the internet is being used by everyone and also uses it for many of their essential works such as online shopping, cab booking and studying purposes. As the technology is being used by everyone as their day-to-day activity as well as for their requirements that can be related to their work and the internet activities are becoming more essential for almost every activity. Cyber attack attempts to gain business information to sizable, disrupt and destroy entire computer system. Cyber technology provides different types of unique strategies that involve the internet and cyberspace. Different types of cyber technology including encryption,declaration of authenticity for assignments, authorization and secure coding protect systems against various computer viruses, worms, spyware and other unwanted programs (Mouzakitis, and Askounis, 2021). It refers to a series of unique techniques that has been used for declaration of authenticity for assignments and protection against security threats of sensitive business data and essential information. In that case, MITRE ATT&CK is globally accessible knowledge, which has been based on attack of several unique tactics and specific techniques. It has been based on real-world observation of various cyber security threats. It displays matrices that have been arranged by using differentattacksteps from important system to prevent data theft and various machine controlling techniques. The main aim of this att&ck is to structure an accurate comprehensive list of unique adversary tactics and techniques that has been used during cyber attacks. 

Figure 1.1.1 Tactics and techniques of MITRE att@cks

This system is able to collect a wide range of attack stages and sequences which is necessary to prevent different types of security threats. This att&ck is intended to structure a unique taxonomy to structure communication in organizations rather than the previous time. Several steps are present to structure an accurate attack chain such as unique initial access, planning execution, relevant persistence, access privilege escalation, project defense evasion, credential access and discovery. 

The rises of mobile phones and laptops have seen a certain rise in technology. As internet facilities are being used by everyone nowadays, the possibility and probability of cyber-attacks or threats are also rising. In order to identify and analyze these issues the MITRE ATT&CK techniques are being used (Kaluet al. 2020). Through this technique with the help of the wireshark tool the issues to be analyzed. At first s structure is to be designed through which the issues identification and evaluation is to be done. Then the plan will be developed and then the plan will be tested. After the plan is ready the issues testing and evaluation will be done with the help of wireshark.

1.2Background of research

MITRE ATT&CK has used various disciplines such as instruction detection, threat hunting, red timing, risk management and security engineering that are necessary to prevent security threats and unauthorized access (Dhirani, Armstrong, and Newe, 2021). Various steps are present to use this MITRE ATT&CK including unique adversary emulation, proper teaming, behavioral analytics, defensive gap assessment, SOC maturity assessment and threat intelligence enrichment. This attack has been used to structure adversary simulation scenarios and helps to verify defenses against different adversary techniques. Also, it has been used to structure a proper red team plan regarding organizing business operations to avoid certain defensive measures. This system is necessary to protect the network from unauthorized access. In that case, this miter has been used to construct an accurate test behavioral analysis to reduce adversarial behavior within business environments. It has been focused on a unique adversary model to access tools and monitoring business performance as per organization requirements. 

Figure 1.2.1 Coverage across all MITRE Att@ck

This system is necessary to build an accurate security protection to protect data from security threats and unwanted network traffic. This monitoring system helps to identify security threats and provides various techniques to mitigate these security issues as per organization requirements. The security issues have been analyzed through this technique by using Wire shark tools and the security development team of every organization needs to implement these techniques to mitigate and prevent security threats (Yooet al. 2020). This attack is very useful for understanding and documenting different types of adversary group profiles from an accurate behavioral perspective and it has been used for security analysis for organizational benefit. It performs machine learning to identify security threats and helps to extend security protection to protect data from unauthorized access and other unwanted program and network traffic. This strategy has been displayed through different attack stages and initial systems to control security threats and data theft. It works as a defender system to better classify attacks that is necessary to resolve organization risks as per their requirements. The proper framework of mitre attack supports in generating a risk management system, helps to understand attacker’sbehavior, understanding the process classify the security as per organization requirements. In that case, it has been used to create adversary emulation scenarios to verify security control and this system is playing a very essential role to mitigate unwanted programs and help to prevent security threats for data protection (Archip, et al. 2021). 

This entire system improves post-compromise detection of different security threats through telemetry sensing and behavioral analysis. This process helps in security measures to identify different security areas, which have been based on real-world observation. This whole system depends on the security tactics and every organization should complement this system to mitigate their security concerns. It provides a unique risk management strategy regarding protecting business data from unwanted programs. It is a globally accessible knowledge base of security adversary tactics to resolve security issues of every organization. It has been designed to support cyber security systems for threat modeling, penetration testing, defense deployment and cyber security exercises. It provides a proper combination of different techniques and tactics to generate an accurate risk management strategy for error detection. This MITRE ATT&CK provides security techniques with the knowledge to prevent security attacks that have been based on the certain indicators of attack. This framework analysis helps to understand the entire technique of this attack to conduct unique security techniques for error detection. This attack was created by MITRE in 2013 to understand attacker’s tactics and techniques, which have been based on real world observation (Ryu et al. 2021). It is very useful and necessary to understand the attack methodology and mitigation technique. 

1.3Research Aim

The main aim of the project is to identify different types of cyber-attacks and how they are being solved through this MITRE ATT&CK technique by using Wire shark and what are the steps that are to be taken. How the cyber security team can get the benefits from this technique. 

1.4Research objectives

●      To identify different types of cyber attacks

●      To identify the threats the degree that the threats can do

●      To evaluate the techniques that the MITRE ATT&CK contains and analyses network through wire shark

●      To know the benefits of MITRE ATT&CK

●      To analyze and evaluate the reason for using wire shark while identifying the cyber attack

●      To know different processes or steps that the MITRE ATT&CK contains

●      To analyze how to use different processes and how beneficial they are

1.5Research questions

  • How does MITRE attack help in security operations to prevent security threats?
  • What is the impact of MITRE attack on organization safety?
  • What is the implementation process of MITRE attack for organizational benefit?
  • How many techniques are present within MITRE attack for security threat detection?
  • Why is the MITRE attack playing an important role in organizational safety?

1.6Significance of the study

In this recent time, attackers are continuously trying to steal organization's essential information for their financial and reputational loss. Every organization needs to implement a proper risk management strategy to prevent these security threats that helps to protect their business data from unwanted programs. MITRE track stands for different adversarial tactics techniques and common knowledge. The conceptual framework of this attack has been based on the curate knowledge and an accurate model for different cyber adversary behavior. It helps to create an accurate adversary emulation scenario to test and verify different types of cyber security control to understand attackers’behavior and their activities before attack, which is playing an important role in organizational safety, and conduct an error prevention strategy. 

Figure 1.6.1: Strategies of MITRE atta@ck

The traceability features can maintain the internal framework based on the design analysis. However, the remote sensing control units should be supported through the design profile of each network component. In this way by distributing the data elementary feature the network packets can be easily determined. On the other hand, it is also supported through the reported data analytics form factor. It manages a different control frame network, which determines the design operation based on the input levels. As a result, the activity program is controlling the entire cyber security operation.   

It is easier to track attackers' activity through this system and helps to decipher patterns and rates of effectiveness such as defense tools. It supports the entire cyber security system by providing an accurate defense framework for threat modeling (Yeboah-Ofori and Islam, 2019). It provides various defensestrategies for an accurate threat modeling exercise for error prevention. It also helps to detect malicious activity for data protection and organizational safety. Also, it helps to create a strong security boundary over the organization's network to detect security threats. It can understand the security threats before the attack and it works through using different phases to prevent malicious attacks. This system has been used for various security protection and defensive measures to identify the accurate area for defense improvement. Hackers are injecting a malicious virus into a company's website to steal business information and the admin department of every organization is losing control of their system for this malicious virus. It helps to protect data from this malicious activity that is crucial for system protection from different security threats. It has been focused on the proactive searching for advanced threat factors and helps to close the gap from infection to detection. This system helps to analyze business information as per organization requirements and it protects organizations from wide scale damage. 

1.7 Summary

MITRE track is necessary for every organization to protect their data from malicious activity and security threats. In that case, cyber-attacks continuously rise day-by-day and become a big headache for organizational safety (Rendall, Nisioti, And Mylonas, 2020). The knowledge based system model can generate a control unit setup, which is supported through the wireshark feature. On the other hand it also maintains some different input elements which are part of the network filtration. Based on the protocol units the source of the attack can be easily determined with the help of a cyber security framework like MITRE. In terms of accessing the data, different featured specifications are being channelized within the system framework components.  

Every business organization needs to implement this security strategy for accessing their security strategy stronger than the previous time. It helps to prevent security threats through its knowledge based strategy and alert organization before the attack. This security analysis is done through the Wire shark tool for organizational safety and it is able to simply manage security issues through understanding the route and source of the attack. It helps to control the entire system and provides a security strategy for organizational data protection

Testing of Wireshark

Wireshark analysis provides the information that tells the count of those packets as well as average, minimum value, maximum value pack, rate percent, burst rate and the burst start. This information will provide all the technical details while using the MITRE ATT&CK framework (Yooet al. 2020). 

While the user uses the cyber-attack identification and analysis process with this MITRE ATT&CK this above details will provide the information about the packets entering through the DNS server. By these details the user can check from what source the requests are coming or from which source the requests are going more. These details will make the user to checks the basic network activities that have happened for a particular time or instance. Entire analysis can be evaluate and analysis through wireshark. MITRE ATT&CK framework is possible to use as cyber threat analysis methodology.

It provides the information of the packets with the help of a packet counter. This interface shows the details of the types of packets entering into the network and its number (Jain, and Anubha, 2021).  It shows the type of packets such as http response packets, http packets, http request packets and many more and in parallel to it the count is provided that tells the count of those packets. This type of analysis is responsible for identifying cyber attack. 

During the time of analysis with MITRE ATT&CK, the user needs to access the final and simple information regarding different types of packets and their count to get the final and short verdict regarding the network and the system's activity. Through this representation the user can find the packet that has entered for most of the time along with their respective rate, percent, burst rate, and burst started.

Analysis of Wireshark tool

 MITRE advisory tactics techniques and common languages are referred to by the MITRE ATT&CK framework(Georgiadou, Mouzakitis, and Askounis, 2021). This framework is generally used for cyber intelligence. Behaviors, as well as tactics that are adopted by cyber attackers, are expressed in metrics using this framework. MITRE ATT&CK framework has been divided into three matrices such as enterprise, mobile ad PRE-ATT&CK respectively. Several techniques, as well as tactics, are managed by these matrices of the MITRE ATT&CK framework. Enterprise matrix has been consistent with tactics that can be applied on Windows, Linux and MAC OS respectively(Al-Shaer, Spring, and Christou, 2020). Mobile matrix contains tactics that are only applicable for mobile devices. PRE-ATT&Ck  matrix contains certain tactics that cyber attackers consider before attacking any vulnerabilities within a network system. Wireshark open source traffic sniffing application has been selected to analyze the MITRE ATT&CK framework. This open source packet data packet capturing tool can capture data packets as well as analyzing the packet details(Bagyalakshmiet al.2018). Amount of data packets that need to be considered to analyze the MITRE ATT&CK framework can be obtained through this tool. Also, other valuable metrics of data packets such as average value, maximum value, minimum value, data packet percent rate, and burst rate can be availed by analyzing the MITRE ATT&CK framework in Wireshark network sniffing application. Also, the amount of data packets are entering to this MITRE ATT&CK  framework can be known by analyzing this particular framework in the Wireshark data packet capturing tool. This particular sniffing application has been selected to analyze this MITRE ATT&CK framework as several configuration details of this framework such as running services, version number, IP address, host name, LAN IDS, can be availed effectively through Wireshark(Iqbal, and Naaz, 2019). Using the Wireshark network sniffing application, several basic network activities can be reviewed by the users of this MITRE ATT&CK framework in real time.  Data packet capturing process also gets simplified through Wireshark.  Cyber threats associated with the MITRE ATT&CK framework can be known effectively by analyzing this particular framework in Wireshark network traffic sniffing application. Wireshark uses a packet counter to give a detailed analysis of the captured data packets within a particular network server. Thus the amount of data packet entering in a network, as well as a detailed analysis of the captured data packers, are available from Wireshark network traffic sniffing tool. Thus the application of this network traffic sniffing tool to analyze this MITRE ATT&CK framework can help users in distinguishing between different types of data packets such as HTTPS packet, response packet, and HTTP request respectively. Wireshark also counts the volume of these data packets. Thus detailed information after analyzing data packers is provided by Wireshark network traffic sniffing application. Thus cyber-attacks that can be done on this MIERE ATT&CK framework can be calculated from this particular traffic monitoring as well as data packet capturing application Wireshark. 

Cyber-attack identification

MITRE ATT&CK framework has been used significantly for detecting various types of cyber-attacks. This particular framework helps organizations, end users as well as government agencies in their threat intelligence(Straub,  2020). Using the perspectives given by MITRE ATT&CK  framework organization's cyber security experts can know the motivation behind a particular cyber-attack. Also, the tactics, as well as techniques that have been adopted by the cyber attackers to conduct the attack, can be known through this framework.  Using the tactics given by MITRE ATT&CK framework security experts of organizations can detect the advisory behavior of a cyber-attack as well as certain threat mitigation actions can be adopted by them through this framework. 

MITRE ATT&CK framework for enterprise cyber-attack identification 

MITRE ATT&CK framework has been used significantly in an organization to detect different types of cyber-attacks. For this purpose, the MITRE ATT&CK enterprise matrix is applied. This matrix is used to enhance the security measurements of an organization. Application of this framework in organizations helps them in determining how cyber-attacks got the initial access to the organization's network server as well as security defense system of the organizations is improved by the tactics provided from MITRE ATT&CK framework(Strom et al. 2018).  Using this framework different steps of cyber-attacks conducted by hackers can be identified. It can hide system IP addresses when a business organization is sending or requesting data over the internet and the location of network devices are also invisible.  Apart from identifying cyberattacks, the MITRE ATT&CK framework helps organizations' security teams by giving them information regarding the adversarial behavior that are adopted by cyber attackers as well as common in most conducted cyber-attacks. Also, motivation behind a particular cyber-attack can be known to them using the MITRE ATT&CK framework. Tactics as well as techniques that have been adopted by cyber attackers to conduct the cyber-attack can be evaluated by this framework to an organization's security teams(Strom et al.2017). Organizations will be able to identify certain activities by users that must be considered as suspicious. Using the MITRE ATT&CK framework organizations will be able to implement certain actions to mitigate these threats effectively. Using the MITRE ATT&CK framework organization can build behavior analytics that can help them in detecting malicious activities within the organization's network environment. MITRE ATT&CK framework for enterprise has been consistent with 11 different tactics as well as 200 techniques. These tactics can be used by security experts of an organization to detect adversaries within the network server as well as the functions that have been performing within the particular network server. MITRE ATT&CK framework will generate information regarding initial access, execution, persistence, defense evasion, credential access, discovery, lateral movement, collection, exfiltration, command repetitively(Alexander, Belisle, and Steele, 2020). In order to get initial access to an organization's network server, the adversaries need to apply a certain one as well as more than one technique. MITRE ATT&CK framework can detect this approach and can prevent them also. MITRE ATT&CK  framework also has been used significantly in behavior analysis to identify internal threats to an organization. 

Analysis process

Mainly the network forensic is diagnosed within the wireshark framework. Different accessibility features include administration design analysis as well as network capture. There are various tools available, which measure the FTP and IRC channel (Sanders, 2017). Based on the network behavior wireshark tool determines what kind of network analysis needed to justify the attack vectors. Based on the control frame few different operations are needed to transfer the network packets into the main account. Different additional analyzing frameworks can maintain some of the illustration mechanisms, which include various control frame networks. Several distributive featured elements are present which can control the entire network situation based on the network control units. In terms of ICMP based attacks, the wireshark tool maintains the key algorithm units within the filtration process.    

A continuous FTP conversion can make some of the analysis factors that include different control frame networks. In those featured environments, the wireshark tools identify the control vector units, which convert the filtered options into mainframe application. In case of software-distributed elements, applied network protocols are channeled through the main control units. Based on the network specification packet units are identified within the IRC channels (Alhawi, MMustafa and Cordeiro 2019). These interchangeable network packets can produce some of the major elements within the main application feature. Mainly the internet protocol stack is being controlled by the wireshark tool, which determines what type of network packets should be filtered before transmission. In this way by applying the analysis tool, network packets can be identified based on the application framework. The transferable data units can maintain the neighbor network layers, which are part of the OSI model.

The root cause of the cyber attacks can only be filtered out if the network tools capture the network packets. Based on the system software network packets’ verification methods are transmitted through different formats. However, no capturable network packets are common in nature while transmitting to the main channeling frame. Besides all of the troubleshooting elements, only the key controlling network units can be controlled within the packet filtration (Bagyalakshmi et al. 2018) Wireshark produced this type of determinable features within the troubleshooting element, which identifies the cyber attacks easily. In case of any spoofing or phishing, the network packets are first analyzed by the real time network analysis. 

References

Åberg, O. and Sparf, E., 2019. Validating the Meta Attack Language using MITRE ATT&CK matrix.

Affia, A.O., Matulevičius, R. And Nolte, A., 2020. Security Risk Management in E-commerce Systems: A Threat-driven Approach. Baltic Journal of Modern Computing, 8(2), pp. 213-240.

Alhawi, O.M., Mustafa, M.A. and Cordeiro, L.C., 2019. Finding Security Vulnerabilities in Unmanned Aerial Vehicles Using Software Verification. arXiv preprint arXiv:1906.11488.

Al-Shaer, R., Spring, J.M. and Christou, E., 2020, June. Learning the Associations of MITRE ATT & CK Adversarial Techniques. In 2020 IEEE Conference on Communications and Network Security (CNS) (pp. 1-9). IEEE.

Al-Shaer, R., Spring, J.M. and Christou, E., 2020, June. Learning the Associations of MITRE ATT & CK Adversarial Techniques. In 2020 IEEE Conference on Communications and Network Security (CNS) (pp. 1-9). IEEE.

Archip, A., Cristian-Mihai Amarandei And Craus, M., 2021. Experimental Cyber Attack Detection Framework. Electronics, 10(14), pp. 1682.

Archip, A., Cristian-Mihai Amarandei&Craus, M. 2021, "Experimental Cyber Attack Detection Framework", Electronics, vol. 10, no. 14, pp. 1682.

Bagyalakshmi, G., Rajkumar, G., Arunkumar, N., Easwaran, M., Narasimhan, K., Elamaran, V., Solarte, M., Hernández, I. and Ramirez-Gonzalez, G., 2018. Network vulnerability analysis on brain signal/image databases using Nmap and Wireshark tools. IEEE Access6, pp.57144-57151.

Cha, J., Singh, S.K., Pan, Y. And Park, J.H., 2020. Block chain-Based Cyber Threat Intelligence System Architecture for Sustainable Computing. Sustainability, 12(16), pp. 6401.

Charles, A.J. and Kalavathi, P., 2018. QoS measurement of RPL using Cooja simulator and Wireshark network analyser. International Journal of Computer Sciences and Engineering6(4), pp.283-291.

Choi, S., Yun, J.H. and Min, B.G., 2021. Probabilistic Attack Sequence Generation and Execution Based on MITRE ATT&CK for ICS Datasets.

Coetzee, R., 2019. TOWARDS DESIGNING AN ARTEFACT EVALUATION STRATEGY FOR HUMAN FACTORS ENGINEERING: A LEAN IMPLEMENTATION MODEL CASE STUDY. South African Journal of Industrial Engineering, 30(3), pp. 289-303.

Das, R. and Tuna, G., 2017, April. Packet tracing and analysis of network cameras with Wireshark. In 2017 5th International Symposium on Digital Forensic and Security (ISDFS) (pp. 1-6). IEEE.

Dhirani, L.L., Armstrong, E. &Newe, T. 2021, "Industrial IoT, Cyber Threats, and Standards Landscape: Evaluation and Roadmap", Sensors, vol. 21, no. 11, pp. 3901.

Dong, Z., 2020. An Approach to Multiple Attribute Decision Making with Intuitionistic Fuzzy Information and Its Application to Software Quality Evaluation. IOP Conference Series.Materials Science and Engineering, 740(1),.

Duhoe, K., Dongil, S., Dongkyoo, S. And Yong-Hyun, K., 2019. Attack Detection Application with Attack Tree for Mobile System using Log Analysis. Mobile Networks and Applications, 24(1), pp. 184-192.

Fan, Y., Li, J., Zhang, D., Pi, J., Song, J. and Zhao, G., 2019. Supporting sustainable maintenance of substations under cyber-threats: An evaluation method of cybersecurity risk for power CPS. Sustainability11(4), p.982.