ATT&CK-based Advanced Persistent Threat attacks risk propagation assessment model for zero trust networks

Abstract

In recent years, the growing frequency and intensity of Advanced Persistent Threats (APTs) have significantly undermined the legitimacy and financial stability of government agencies, enterprises, and other entities. Moreover, these attacks have shown the inherent vulnerabilities in conventional border defense strategies. The emergence of the zero trust network architecture can be attributed to the increasing complexity of the cyber threat landscape. With the application of risk assessment, this paper effectively tackles the challenges posed by conventional network defense limitations and enhances the efficiency of the access control decision-making process. Nevertheless, the existing risk assessment approaches primarily focus on conventional security assessment objectives, which exhibits a deficiency in the ability to dynamically assess APT attacks. The Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework introduced in this paper is a novel approach to mitigating APT attacks. This paper aims to mine and analyze the frequent item set and correlation of cyber threat penetration attack techniques. The paper also intends to construct an attack technique relationship diagram and develop a tactical prediction model for cyber threat penetration attacks using the Markov chain model. Finally, our study aims to establish a risk propagation model for APT threats based on the aforementioned model. The approach presented in this paper significantly enhances the capacity of zero trust networks in addressing sophisticated cyber threats.