Intern
    Data Science Chair

    Automating Attack Simulations with MITRE ATT&CK

    06.05.2025

    Objective:

    Extend an existing simulation environment to execute reproducible cyber-attack scenarios using the MITRE ATT&CK framework and procedures, for example from Atomic Red Team. The focus is on automating attack-step execution and basic event/log tracking for downstream labeling.

    Supervisor: Daniel Schlör

    Key Tasks:

    • Identify and define a set of relevant MITRE ATT&CK techniques to simulate
    • Explore Caldera as foundational framework
    • Automate selected attack scenarios including planning, logging and labeling
    • Collect logs (e.g., system, network) generated during simulation runs
    • Align executed attack steps with collected logs

    Extension Directions (Master Thesis / Practica):

    • Label Propagation for Ground Truth Generation
    • Knowledge Graph Construction from Simulated Attacks
    • Variant Campaign Simulation for Model Robustness Testing
    • LLM-Based Automation of Attack Procedures

     
