Research field: Strategies
Conference: GAIIS '25: Proceedings of the 2025 2nd International Conference on Generative Artificial Intelligence and Information Security
As network threats continue to evolve, organizations urgently need advanced cybersecurity defense strategies to deal with complex and changeable network attacks. Survivability testing is usually implemented by simulating real hacker attacks, but this kind of testing and evaluation method depends to a large extent on the professional level of the testers, which leads to problems such as incomplete testing and low testing efficiency. This paper comprehensively utilizes the ATT&CK (Adversarial Tactics, Technologies, and Common Knowledge) and D3FEND (Defensive Tactics, Technologies, and Common Knowledge) frameworks of MITRE, aiming to propose a new cybersecurity survivability testing technology. Through in-depth analysis of the attack tactics, techniques and procedures (TTPs) in the ATT&CK framework, combined with the defense strategies and measures in the D3FEND framework, this paper designs a cybersecurity survivability evaluation scheme. This scheme not only evaluates the protection, detection, response and recovery capabilities of the system against network attacks, but also provides scientific and perfect defense measures for the system. The case study further verifies the effectiveness of the proposed scheme and shows how to conduct survivability testing against attacks on the Linux operating system. This study provides a new perspective and practical guidance for the development of cybersecurity defense technology.
| Publication year | 2025 |
|---|---|
| Citations | 0 |
| Country of publication | China |
| Site | ACM |