MITRE ATT&CK Applications in Cybersecurity and The Way Forward
It addresses cybersecurity challenges for practitioners by providing a comprehensive review, but it is incremental as it synthesizes existing research without introducing new methods.
This paper synthesizes research on the MITRE ATT&CK framework's applications in cybersecurity by analyzing 417 publications, identifying common adversarial tactics and exploring integrations with NLP and ML to improve threat detection and response.
The MITRE ATT&CK framework is a widely adopted tool for enhancing cybersecurity, supporting threat intelligence, incident response, attack modeling, and vulnerability prioritization. This paper synthesizes research on its application across these domains by analyzing 417 peer-reviewed publications. We identify commonly used adversarial tactics, techniques, and procedures (TTPs) and examine the integration of natural language processing (NLP) and machine learning (ML) with ATT&CK to improve threat detection and response. Additionally, we explore the interoperability of ATT&CK with other frameworks, such as the Cyber Kill Chain, NIST guidelines, and STRIDE, highlighting its versatility. The paper further evaluates the framework from multiple perspectives, including its effectiveness, validation methods, and sector-specific challenges, particularly in industrial control systems (ICS) and healthcare. We conclude by discussing current limitations and proposing future research directions to enhance the applicability of ATT&CK in dynamic cybersecurity environments.