The method of using cyber intelligence to detect indicators of compromise based on the MITRE ATT&CK matrix

DOI: 10.31673/2409-7292.2024.030007

Authors

  • О. Г. Король (Korol O. G.), National Technical University «Kharkiv Polytechnic Institute», Kharkiv
  • Т. О. Лаптєва (Laptieva T. O.), Taras Shevchenko National University of Kyiv, Kyiv

Abstract

In modern conditions there is a need for a system that processes information and makes decisions about possible attacks in the information sphere. Information about the intentions of violators and about preparation for an attack is especially useful: a necessary and sufficient condition for building a successful protection system is complete information about the cyber threat. For this purpose, indicators of compromise (IoC), which are directly related to the concept of Threat Intelligence, are used. Indicators of compromise can be used to find, identify and classify threats as part of the threat intelligence process, which makes it possible to respond to potential threats and take appropriate security measures to protect information at the initial stage of attack preparation. The subject of the research is the current scientific task of identifying indicators of compromise based on the MITRE ATT&CK matrix. The need for cyber intelligence to search for indicators of compromise and stop possible attacks on the information system has been proven. The model for classifying indicators of compromise, "The Pyramid of Pain", which consists of six levels and shows the relationship between the types of indicators used to detect attacker activity, is analyzed. The MITRE ATT&CK matrix, a publicly available knowledge base of the tactics and techniques attackers use during a cyber attack, is considered. The ATT&CK framework is a powerful tool for improving cyber defense and threat intelligence. The studies show that without specialists no system for detecting indicators of compromise will work adequately, because it is impossible to foresee all details and exceptions in advance. Therefore, only a comprehensive approach can provide protection against cyber attacks.
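
As an added illustration (not code from the paper), the classification the abstract describes can be made concrete: each indicator from a threat-intelligence feed is placed on one of the six Pyramid of Pain levels, rolled up to the ATT&CK technique it is attributed to, and the techniques are ordered by the highest level observed. The feed, the technique attributions and the regular expressions are constructed assumptions for the example.

```python
import re
from collections import defaultdict

# Pyramid of Pain levels, bottom to top: the higher the level, the more costly
# it is for the attacker to change the indicator once defenders detect it.
PYRAMID = ["hash", "ip", "domain", "artifact", "tool", "ttp"]

_HASH = re.compile(r"[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64}", re.I)
_IPV4 = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")
_DOMAIN = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)


def classify(value, declared=None):
    """Return the pyramid level of one indicator.

    Atomic indicators (hash, IP, domain) are recognised from their syntax;
    artifacts, tools and TTPs describe behaviour and must be declared by the feed.
    """
    if declared in ("artifact", "tool", "ttp"):
        return declared
    if _HASH.fullmatch(value):
        return "hash"
    if _IPV4.fullmatch(value):
        return "ip"
    if _DOMAIN.fullmatch(value):
        return "domain"
    return "artifact"  # registry keys, mutex names, URI paths, user agents ...


def rank_techniques(feed):
    """Group indicators by ATT&CK technique id and order the techniques by the
    highest pyramid level seen for each, then by indicator count."""
    by_tech = defaultdict(list)
    for value, technique, declared in feed:
        by_tech[technique].append(PYRAMID.index(classify(value, declared)))
    ranked = [(t, PYRAMID[max(lv)], len(lv)) for t, lv in by_tech.items()]
    return sorted(ranked, key=lambda r: (PYRAMID.index(r[1]), r[2]), reverse=True)


# Constructed sample feed: (indicator, attributed ATT&CK technique id, declared level).
SAMPLE_FEED = [
    ("d41d8cd98f00b204e9800998ecf8427e", "T1204", None),  # MD5 of a sample
    ("198.51.100.23", "T1071", None),                     # documentation range
    ("update.example.net", "T1071", None),
    ("HKCU\\Software\\Run\\updater", "T1547", "artifact"),
    ("encoded PowerShell command line", "T1059", "ttp"),  # behaviour, not a string
]

if __name__ == "__main__":
    for technique, level, count in rank_techniques(SAMPLE_FEED):
        print(f"{technique}: highest level={level}, indicators={count}")
```

Techniques backed only by hashes or addresses sit at the bottom of the ranking; the defender gains most by building detections for the behaviour-level entries first.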

Keywords: information protection, indicators of compromise, cyber intelligence, Boll's pyramid, matrix, violator, classification.

Published

2024-09-24

Section

Articles