Tactics and Techniques from MITRE ATLAS #245
Comments
|
This would hang right under External Threat Model Thing. It would not be considered an Attack Thing. |
Is this right? :ATLASThing a owl:Class ;
rdfs:label "ATLAS Thing" ;
rdfs:subClassOf :ExternalThreatModelThing .and then define subclasses for ATLAS(Tactic/Technique/Mitigation) from that? |
|
Yes, it should mirror the attack tree structure |
|
assuming the following added to the ontology: :ATLASThing a owl:Class ;
rdfs:label "ATLAS Thing" ;
rdfs:subClassOf :ExternalThreatModelThing .
:ATLASTactic a owl:Class ;
rdfs:label "ATLAS Tactic" ;
rdfs:subClassOf :ATLASThing,
:Goal,
[ a owl:Restriction ;
owl:onProperty :enabled-by ;
owl:someValuesFrom :ATLASTechnique ] ;
rdfs:seeAlso <https://atlas.mitre.org/tactics> ;
:definition "An ATLAS Tactic is a categorical classification of techniques within the MITRE ATLAS™ framework, representing adversarial goals particular to artificial intelligence systems. It also adapts MITRE ATT&CK® Enterprise Matrix tactics by integrating machine learning concepts, thus capturing the unique motives behind actions in AI-specific operations." .
:ATLASTechnique a owl:Class ;
rdfs:label "ATLAS Technique" ;
rdfs:subClassOf :ATLASThing,
:Action,
:Technique,
[ a owl:Restriction ;
owl:onProperty :enables ;
owl:someValuesFrom :ATLASTactic ] ;
rdfs:seeAlso <https://atlas.mitre.org/techniques> ;
:definition "An ATLAS Technique is an action conducted by adversaries to accomplish tactical goals within the context of artificial intelligence systems. These techniques articulate both 'how' adversaries execute these actions to reach their objectives and 'what' outcomes are achieved from these maneuvers." .
:ATLASMitigation a owl:Class ;
rdfs:label "ATLAS Mitigation" ;
rdfs:subClassOf :ATLASThing,
[ a owl:Restriction ;
owl:onProperty :semantic-relation ;
owl:someValuesFrom :DefensiveTechnique ] .
:atlas-id a owl:DatatypeProperty,
owl:FunctionalProperty ;
rdfs:label "atlas-id" ;
rdfs:subPropertyOf :d3fend-kb-data-property ;
rdfs:domain :ATLASThing ;
rdfs:range xsd:string ;
:definition "x atlas-id y: The ATLAS thing x is identified by string y." .@netfl0 I will port this to Python, but does this Turtle output look sensible for the tactics mapping? https://gist.github.com/aamedina/7580cb202173e2a34a3d9e69e7316dc8 |
|
That looks pretty much perfect to me :) I am thinking we ought to just duplicate the python update attack code. (Some of it is ugly, a bash script comes to mind :)
As a new target then we'll know if something breaks with the atlas data. |
Overview
This proposal seeks to integrate MITRE ATLAS tactics and techniques into the existing D3FEND ontology to enhance the representational fidelity of AI threats within the model. The ATLAS framework, which extends the MITRE ATT&CK Enterprise Matrix to AI-specific contexts, models adversarial goals and methods in compromising AI systems. By keeping D3FEND up to date with ATLAS, we could provide the public with a more comprehensive ontology that can better guide the development of defenses against evolving AI-centric cyber threats.
Discussion
References
The text was updated successfully, but these errors were encountered: