Organizational Attribution of Advanced Persistent Threats using a Cybersecurity Knowledge Graph

Ms. Khutaija Abid, Mr. Shaik Yasar Ahmed, Mr. N. Thirupathi Rao

Abstract

The cybersecurity industry generates massive amounts of data every day from systems that use different protocols and standards. Because each data collection has its own schema and metadata, it would be very difficult for cybersecurity professionals to manually search all of these large datasets for probable threats. Many available applications and tool sets can automate the examination of such large cyber data sets. For more than ten years, the Semantic Web community has researched cybersecurity and created numerous knowledge graphs and frameworks. Starting in 2016, the Universal Cybersecurity Ontology (UCO) linked many leading knowledge representation frameworks, offering a comprehensive mapping of cyber data. Numerous professionals rely on MITRE ATT&CK to assess the degree to which their existing data and tools enable them to counter APTs and less formalised threat actors. The UCO has given academics tools to standardise data gathering, correlation and analysis, while practitioners have MITRE ATT&CK. But exactly how existing knowledge graphs use ATT&CK in cybersecurity applications is unclear. This article presents the findings of our investigation into whether the primary MITRE ATT&CK matrices have been mapped in contemporary cybersecurity knowledge graphs.
