Towards a definition of cyberspace tactics, techniques and procedures | IEEE Conference Publication | IEEE Xplore

Towards a definition of cyberspace tactics, techniques and procedures


Abstract:

Cybersecurity professionals often speak of tactics, techniques and procedures (TTPs) when describing the activities of threat actors, yet these terms are not as well defined in cybersecurity as in military doctrine. Systems that use artificial intelligence (AI) and machine learning (ML) to address cybersecurity problems could better determine adversarial intent and future actions by connecting sequences of actions to threat actor intent. In this paper, we define TTPs in relation to cybersecurity and present a model of TTPs for cyberspace operations that is useful to both humans and synthetic agents. We then describe how these can be applied to real-world cyberspace operations, using advanced persistent threat (APT) 28's Pawn Storm campaign as an exemplar. Finally, we show how we've approached the development of ML algorithms to provide predictive analytics based on large security datasets.
Date of Conference: 11-14 December 2017
Date Added to IEEE Xplore: 15 January 2018
Conference Location: Boston, MA, USA

I. Introduction

The term TTP, which stands for tactics, techniques and procedures, is pervasive in the cybersecurity literature. Despite this ubiquity, there are no clear definitions allowing the community to differentiate tactics, techniques, and procedures. While ambiguity and imprecision when referring to TTPs is usually not problematic among security professionals, it is a significant impediment to using these concepts in autonomous systems. This problem manifested itself to the authors while developing actionable behavioral models of offensive cyberspace operations for an autonomous system. Our goal is to ground TTPs in a semantic representation that enables adversarial behavior modeling and autonomous decision-making, reasoning, and learning.
