International Research Journal of Innovations in Engineering and Technology - IRJIET International Open Access, Monthly, Peer Reviewed, Reputed Journal ISSN (online): 2581-3048

Impact Factor (2025): 6.9

DOI Prefix: 10.47001/IRJIET

Analysis and Characterization of Cyber Threats Leveraging the MITRE ATT&CK Database

T. Niranjan BabuAssistant Professor, Department of Computer Science and Engineering and Cyber Security (UG), Madanapalle Institute of Technology & Science (Autonomous), Madanapalle, IndiaS.K.Mohammed WaseefUG Scholar, Department of Computer Science and Engineering and Cyber Security (UG), Madanapalle Institute of Technology & Science (Autonomous), Madanapalle, IndiaK.Siva Sai ReddyUG Scholar, Department of Computer Science and Engineering and Cyber Security (UG), Madanapalle Institute of Technology & Science (Autonomous), Madanapalle, India

Vol 9 No 2025 (2025): Volume 9, Special Issue of ICCIS-2025 May 2025 | Pages: 33-39

International Research Journal of Innovations in Engineering and Technology

OPEN ACCESS | Research Article | Published Date: 11-06-2025

doi Logo doi.org/10.47001/IRJIET/2025.ICCIS-202505

pdf iconFull Text PDF
Abstract

MITRE ATT&CK is a detailed knowledge base of adversary TTPs, based on real-world cyber-attack scenarios. It's widely used throughout government, academia, and industry. It has become a cornerstone for threat modeling, risk assessment, and developing defense strategies. Since the topics of the framework have been highly applied to these fields, comprehensive statistical analysis of this dataset holds the need to be able to uncover actionable insights. This work therefore fills this gap by systematically extracting, analyzing, and characterizing insights from the knowledge base of statistical insights in the MITRE ATT&CK threat database. A hierarchical analysis is executed, starting at the level of threat profiles then down to very specific techniques captured in the cataloged database; the findings recommend improvements in strengthening the cybersecurity posture in enterprises, in ICS as well as the mobile infrastructures. It is intended to give a better view of the data and provide guidance for further investigations in support of the development of robust, data-driven security strategies.

Keywords

Threat Modeling, Cyber Threats, Statistical Analysis, Risk Assessment, Cybersecurity, Defensive Strategies


Citation of this Article

T. Niranjan Babu, S.K.Mohammed Waseef, & K.Siva Sai Reddy. (2025). Analysis and Characterization of Cyber Threats Leveraging the MITRE ATT&CK Database. In proceeding of Second International Conference on Computing and Intelligent Systems (ICCIS-2025), published in IRJIET, Volume 9, Special Issue ICCIS-2025, pp 33-39. Article DOI https://doi.org/10.47001/IRJIET/2025.ICCIS-202505

Licence Copyright (c) 2026 International Research Journal of Innovations in Engineering and Technology creative common licence This work is licensed under Creative common Attribution Non Commercial 4.0 Internation Licence
References
  1. A.A. Darem, A. A. Alhashmi, T. M. Alkhaldi, A. M. Alashjaee, S. M. Alanazi and S. A. Ebad, "Cyber Threats Classifications and Countermeasures in Banking and Financial Sector," in IEEE Access, vol. 11, pp. 125138-125158, 2023, doi: 10.1109/ACCESS.2023.3327016.
  2. J. Jang, K. Kim, S. Yoon, S. Lee, M. Ahn and D. Shin, "Mission Impact Analysis by Measuring the Effect on Physical Combat Operations Associated With Cyber Asset Damage," in IEEE Access, vol. 11, pp. 45113-45128, 2023, doi: 10.1109/ACCESS.2023.3273612.
  3. S. Ghosh, A. Zaboli, J. Hong and J. Kwon, "An Integrated Approach of Threat Analysis for Autonomous Vehicles Perception System," in IEEE Access, vol. 11, pp. 14752-14777, 2023, doi: 10.1109/ACCESS.2023.3243906.
  4. Z. -S. Chen et al., "Clustering APT Groups Through Cyber Threat Intelligence by Weighted Similarity Measurement," in IEEE Access, vol. 12, pp. 141851-141865, 2024, doi: 10.1109/ACCESS.2024.3469552.
  5. F. Aldauiji, O. Batarfi and M. Bayousef, "Utilizing Cyber Threat Hunting Techniques to Find Ransomware Attacks: A Survey of the State of the Art," in IEEE Access, vol. 10, pp. 61695-61706, 2022, doi: 10.1109/ACCESS.2022.3181278.
  6. S. C. Phillips, S. Taylor, M. Boniface, S. Modafferi and M. Surridge, "Automated Knowledge-Based Cybersecurity Risk Assessment of Cyber-Physical Systems," in IEEE Access, vol. 12, pp. 82482-82505, 2024, doi: 10.1109/ACCESS.2024.3404264.
  7. S. H. Javed et al., "APT Adversarial Defence Mechanism for Industrial IoT Enabled Cyber-Physical System," in IEEE Access, vol. 11, pp. 74000-74020, 2023, doi: 10.1109/ACCESS.2023.3291599.
  8. M. Alajmi, H. A. Mengash, H. Alqahtani, S. S. Aljameel, M. A. Hamza and A. S. Salama, "Automated Threat Detection Using Flamingo Search Algorithm With Optimal Deep Learning on Cyber-Physical System Environment," in IEEE Access, vol. 11, pp. 127669-127678, 2023, doi: 10.1109/ACCESS.2023.3332213.
  9. Y. Kawanishi, H. Nishihara, H. Yoshida, H. Yamamoto and H. Inoue, "A Study on Threat Analysis and Risk Assessment Based on the “Asset Container” Method and CWSS," in IEEE Access, vol. 11, pp. 18148-18156, 2023, doi: 10.1109/ACCESS.2023.3246497.
  10. F. De Rosa, N. Maunero, P. Prinetto, F. Talentino and M. Trussoni, "ThreMA: Ontology-Based Automated Threat Modeling for ICT Infrastructures," in IEEE Access, vol. 10, pp. 116514-116526, 2022, doi: 10.1109/ACCESS.2022.3219063.
  11. A.Presekal et al., "Cyber Security of HVDC Systems: A Review of Cyber Threats, Defense, and Testbeds," in IEEE Access, vol. 12, pp. 165756-165773, 2024, doi: 10.1109/ACCESS.2024.3490605.
  12. D. Mishchenko, I. Oleinikova, L. Erdődi and B. R. Pokhrel, "Multidomain Cyber-Physical Testbed for Power System Vulnerability Assessment," in IEEE Access, vol. 12, pp. 38135-38149, 2024, doi: 10.1109/ACCESS.2024.3375401.
  13. F. Whitelaw, J. Riley and N. Elmrabit, "A Review of the Insider Threat, a Practitioner Perspective Within the U.K. Financial Services," in IEEE Access, vol. 12, pp. 34752-34768, 2024, doi: 10.1109/ACCESS.2024.3373265.
  14. L. Novais, N. Naia, J. Azevedo and J. Cabral, "Let’s Get Cyber-Physical: Validation of Safety-Critical Cyber-Physical Systems," in IEEE Access, vol. 12, pp. 142569-142581, 2024, doi: 10.1109/ACCESS.2024.3470216.
  15. F.-Z. Hannou et al., "Semantic-Based Approach for Cyber-Physical Cascading Effects Within Healthcare Infrastructures," in IEEE Access, vol. 10, pp. 53398-53417, 2022, doi: 10.1109/ACCESS.2022.3171252.
  16. A.Sahu, K. Davis, H. Huang, A. Umunnakwe, S. Zonouz and A. Goulart, "Design of Next-Generation Cyber-Physical Energy Management Systems: Monitoring to Mitigation," in IEEE Open Access Journal of Power and Energy, vol. 10, pp. 151-163, 2023, doi: 10.1109/OAJPE.2023.3239186.
  17. M. Battaglioni, G. Rafaiani, F. Chiaraluce and M. Baldi, "MAGIC: A Method for Assessing Cyber Incidents Occurrence," in IEEE Access, vol. 10, pp. 73458-73473, 2022, doi: 10.1109/ACCESS.2022.3189777.
  18. G. B. Gaggero, A. Armellin, G. Portomauro and M. Marchese, "Industrial Control System-Anomaly Detection Dataset (ICS-ADD) for Cyber-Physical Security Monitoring in Smart Industry Environments," in IEEE Access, vol. 12, pp. 64140-64149, 2024, doi: 10.1109/ACCESS.2024.3395991.
  19. M. U. Rana, O. Ellahi, M. Alam, J. L. Webber, A. Mehbodniya and S. Khan, "Offensive Security: Cyber Threat Intelligence Enrichment with Counterintelligence and Counterattack," in IEEE Access, vol. 10, pp. 108760-108774, 2022, doi: 10.1109/ACCESS.2022.3213644.
  20. A.Presekal, A. Ştefanov, V. S. Rajkumar, I. Semertzis and P. Palensky, "Advanced Persistent Threat Kill Chain for Cyber-Physical Power Systems," in IEEE Access, vol. 12, pp. 177746-177771, 2024, doi: 10.1109/ACCESS.2024.3507386.

Copyright @ 2026 IRJIET. All Right Reserved.

Licensed underCreative Commons Attribution 4.0 International License.