MITRE ATT&CK Applications in Cybersecurity and The Way Forward
The MITRE ATT&CK framework is a widely adopted tool for enhancing cybersecurity, supporting threat intelligence, incident response, attack modeling, and vulnerability prioritization. This paper synthesizes research on its application across these domains by analyzing 417 peer-reviewed publications. We identify commonly used adversarial tactics, techniques, and procedures (TTPs) and examine the integration of natural language processing (NLP) and machine learning (ML) with ATT&CK to improve threat detection and response. Additionally, we explore the interoperability of ATT&CK with other frameworks, such as the Cyber Kill Chain, NIST guidelines, and STRIDE, highlighting its versatility. The paper further evaluates the framework from multiple perspectives, including its effectiveness, validation methods, and sector-specific challenges, particularly in industrial control systems (ICS) and healthcare. We conclude by discussing current limitations and proposing future research directions to enhance the applicability of ATT&CK in dynamic cybersecurity environments.
View on arXiv@article{jiang2025_2502.10825,
title={ MITRE ATT&CK Applications in Cybersecurity and The Way Forward },
author={ Yuning Jiang and Qiaoran Meng and Feiyang Shang and Nay Oo and Le Thi Hong Minh and Hoon Wei Lim and Biplab Sikdar },
journal={arXiv preprint arXiv:2502.10825},
year={ 2025 }
}