MITRE ATT&CK: State of the Art and Way Forward

MITRE ATT&CK is a comprehensive framework of adversary tactics, techniques, and procedures based on real-world observations. It has been used as a foundation for threat modeling in different sectors, such as government, academia, and industry. To the best of our knowledge, no previous work has been devoted to the comprehensive collection, study, and investigation of the current state of the art leveraging the MITRE ATT&CK framework. We select and inspect more than 50 major research contributions, while conducting a detailed analysis of their methodology and objectives in relation to the MITRE ATT&CK framework. We provide a categorization of the identified papers according to different criteria such as use cases, application scenarios, adopted methodologies, and the use of additional data. Finally, we discuss open issues and future research directions involving not only the MITRE ATT&CK framework but also the fields of threat analysis, threat modeling, and in general cyber-threat intelligence.