BIHARE, Mr Quentin (2020) Probability analysis of MITRE ATT&CK Enterprise Matrix’s attack steps PRE - Research Project, ENSTA.



With the development of cloud services and third-party systems, security of IT systems is a major stake for companies, in which they invest a lot. The domain-specific threat modelling language based on the MITRE ATT&CK Enterprise Matrix enterpriseLang was developed in order to simplify security assessment of IT systems and reduce its costs. Adding probabilities representing the success rate and time taken to successfully perform each technique listed in the MITRE ATT&CK Enterprise Matrix was essential for the simulations conducted by enterpriseLang to get closer to real-life attacks. This paper presents the method used in the probability analysis of 119 of these techniques as well as a few results which are then discussed.

Item Type:Thesis (PRE - Research Project)
Subjects:Information and Communication Sciences and Technologies
ID Code:7998
Deposited By:Quentin BIHARE
Deposited On:31 mai 2021 16:42
Dernière modification:31 mai 2021 16:42

Repository Staff Only: item control page