Attack Flow

Published

Problem

Defenders often track adversary behaviors atomically, focusing on one specific action at a time. This makes it harder to understand adversary attacks and to build effective defenses against those attacks.

Solution

Built a language to describe sequences of adversary techniques (attack flows) and developed an Attack Flow Builder tool.

Impact

Help defenders and leaders understand how adversaries operate and compose atomic techniques into attacks to better understand defensive posture.

Project Resources

Published: 03 March 2022

Funding Research Participants

Non-Profit Research Participants

Project Summary

Defenders typically track adversary behaviors atomically, focusing on one specific action at a time. While this is a good first step toward adopting a threat-informed defense, adversaries usually use multiple actions in sequence—we call these sequences attack flows. Toward the goal of visualizing, analyzing, and sharing attack flows, the Attack Flow project is developing a data format for describing sequences of adversary behaviors, a set of attack flow examples, and a GUI-based attack flow builder tool.

← Previous: Sightings Ecosystem Next: Top ATT&CK Techniques →