Presentation: Detecting the Adversary Post-Compromise with Threat Models and Behavioral Analytics

November 2016
Topics: Cybersecurity, Network Security, Computer-Communication-Networks, Homeland Security, Information Security, Information Security Operations, Social and Behavioral Sciences

Collecting and sharing behavioral knowledge with the cyber-defense community is the reason MITRE engineers developed the Cyber Analytics Repository, or CAR. It's a knowledge base of analytics to help cyber-defenders recognize suspicious actions occurring in their systems. CAR complements the Adversary Tactics, Techniques, and Common Knowledge (ATT&CK) model, also developed by MITRE. ATT&CK is a framework for describing the actions that attackers take after they've gotten inside and compromised a network. This presentation and a related video lecture explain how CAR works in tandem with ATT&CK. 
