From Detection to Action: AI Revolutionises Cyberattack Response

This research, conducted by investigators from the Information Processing and Telecommunications Center (IPTC) of the Universidad Politécnica de Madrid (UPM), presents an advanced approach to cybersecurity by introducing a dynamic model for cyberattack characterisation based on the MITRE ATT&CK framework. The study addresses the growing complexity of modern cyber threats, particularly zero-day attacks and advanced persistent threats (APTs), which are often undetectable using traditional methods.
The proposed system leverages machine learning (ML) techniques to identify attacker tactics, techniques, and procedures (TTPs) directly from network traffic data. By training ML models on labelled datasets, the system can classify malicious behaviour with high accuracy and map it to specific ATT&CK techniques. This enables a deeper semantic understanding of cyberattacks beyond simple detection.
A key innovation of the work is the integration of an ontology-based decision support system. This layer connects identified techniques with relevant mitigations, vulnerabilities, and attack patterns (CAPEC), allowing the system to automatically recommend tailored countermeasures in real time. The approach enhances risk assessment by incorporating both the likelihood and impact of detected threats.
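As an added illustration (not code from the paper or the IPTC team), the decision-support step described above can be modelled as scoring each detected technique by likelihood × impact and then greedily choosing the mitigations that remove the most residual risk. The technique-to-mitigation table is a constructed toy subset (ATT&CK identifiers used for illustration only), and the detections are constructed sample input standing in for the ML classifier's output.

```python
from dataclasses import dataclass

# Constructed toy knowledge base: ATT&CK technique -> candidate mitigations.
# A real ontology would be far larger and also link CAPEC patterns and CVEs.
TECH_TO_MITIGATIONS = {
    "T1110": {"M1032", "M1036", "M1027"},   # Brute Force
    "T1046": {"M1031", "M1030"},            # Network Service Discovery
    "T1021": {"M1032", "M1030", "M1035"},   # Remote Services
}


@dataclass
class Detection:
    technique: str    # ATT&CK technique predicted by the classifier
    likelihood: float # classifier confidence, in [0, 1]
    impact: float     # criticality of the affected asset, in [0, 1]


def technique_risk(detections):
    """Aggregate risk per technique as the sum of likelihood * impact."""
    risk = {}
    for d in detections:
        risk[d.technique] = risk.get(d.technique, 0.0) + d.likelihood * d.impact
    return risk


def select_mitigations(risk, kb, budget):
    """Greedy selection: at each step pick the mitigation that covers the most
    remaining risk, until the budget is spent or nothing more can be covered.
    Returns the chosen (mitigation, risk covered) pairs and the uncovered risk
    (techniques the knowledge base has no mitigation for stay uncovered)."""
    remaining = dict(risk)
    chosen = []
    while remaining and len(chosen) < budget:
        best, best_gain = None, 0.0
        for m in sorted({m for t in remaining for m in kb.get(t, ())}):
            gain = sum(r for t, r in remaining.items() if m in kb.get(t, ()))
            if gain > best_gain:
                best, best_gain = m, gain
        if best is None:       # remaining techniques have no known mitigation
            break
        chosen.append((best, round(best_gain, 3)))
        remaining = {t: r for t, r in remaining.items() if best not in kb.get(t, ())}
    return chosen, remaining


if __name__ == "__main__":
    sample = [Detection("T1110", 0.95, 0.8), Detection("T1046", 0.9, 0.3),
              Detection("T1021", 0.85, 0.9)]  # constructed classifier output
    print(select_mitigations(technique_risk(sample), TECH_TO_MITIGATIONS, budget=2))
```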
Validation results show high performance in technique classification (≈98% accuracy) and effective real-time decision support in simulated industrial environments.
Potential applications include:
- Real-time intrusion detection and response systems
- Cyber situational awareness platforms
- Protection of industrial control systems (ICS)
- Automated risk management and decision support in critical infrastructures
In an era where cyber threats evolve faster than ever, this research represents a significant step toward intelligent, adaptive defense systems. By combining artificial intelligence with structured threat intelligence frameworks, the work carried out by IPTC researchers paves the way for more resilient and autonomous cybersecurity solutions. As organizations continue to face increasingly sophisticated attacks, approaches like this will be essential to move from reactive defense to proactive and strategic protection of critical infrastructures.
Bibliographic reference: Sánchez-Zas, C., Larriva-Novo, X., Villagra, V.A., Solera-Cotanilla, S. & Sanz-Rodrigo, M. (2025). Dynamic characterisation of cyberattacks based on the MITRE ATT&CK framework applied to the optimisation of a mitigation selection process. Future Generation Computer Systems, 177, 108272. https://doi.org/10.1016/j.future.2025.108272
Authors: Carmen Sánchez Zas, Xavier Larriva-Novo, Víctor A. Villagra, Sonia Solera Cotanilla, Mario Sanz Rodrigo
LinkedIn: https://www.linkedin.com/company/iptc-upm/
For more information: www.iptc.upm.es