NTUA and KTH joined forces to write an article together that conceptually maps the SBA and the VA tool to each other. Therefore, they facilitated the MITRE ATT&CK matrix to link the meta model of SBA to the icsLang, which is used as meta model for VA. The paper will be presented at the EPESec workshop at the ARES conference.
The abstract reads as follows:
The increase of cyber-attacks raised security concerns for critical assets worldwide in the last decade. Leading to more efforts spent towards increasing the cyber security among companies and countries. For the sake of enhancing cyber security, representation and testing of attacks have prime importance in understanding system vulnerabilities. One of the available tools for simulating attacks on systems is the Meta Attack Language (MAL), which allows representing the effects of certain cyber-attacks. However, only understanding the component vulnerabilities is not enough in securing enterprise systems. Another important factor is the `human`, which constitutes the biggest `insider threat`. For this, Security Behavior Analysis (SBA) helps understanding which system components that might be directly affected by the `human`. As such, in this work, the authors present an approach for integrating user actions, so called “security behavior”, by mapping SBA to a MAL-based language through MITRE ATT&CK techniques.