How frequently are attacker actions misclassified when mapped to the MITRE ATT&CK framework – and what impact does this have on Threat Hunting and Cyber Threat Intelligence?
Subjectivity
To what extent does personal interpretation influence the classification of attacker techniques? And how does this bias affect the reliability of ATT&CK-based analyses?
Framework Design
Can adjustments to the classification scheme reduce misclassification rates? Which structural improvements could make ATT&CK mappings more consistent and reproducible?
These are the questions we aim to answer – with your help! 😊