[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"doc-detail-36124":3,"doc-seo-36124":29},{"code":4,"msg":5,"data":6},0,"success",{"doc_id":7,"user_id":8,"nickname":9,"user_avatar":10,"doc_module":4,"category_id":11,"category_name":12,"doc_title":13,"doc_description":14,"doc_content":15,"file_id":16,"file_url":17,"file_type":18,"file_size":19,"view_count":20,"is_deleted":4,"is_public":20,"is_downloadable":20,"audit_status":20,"page_count":21,"language":22,"language_code":23,"site_id":24,"html_lang":23,"table_of_contents":25,"faqs":26,"seo_title":13,"seo_description":14,"update_tm":27,"read_time":28},36124,1099513958762,"Logic","https://ap-avatar.wpscdn.com/avatar/1000023916a998db790?x-image-process=image/resize,m_fixed,w_180,h_180&k=1782109480056885918",8,"Research & Report","Adaptive Threat Modeling with MITRE ATT&CK: A Machine Learning Framework for Real-Time Adversarial Detection","Traditional cybersecurity threat modeling often depends on static, rule-based logic, making it weak against evolving adversarial tactics and difficult to interpret in operational settings. The framework introduces machine learning for real-time detection and attribution by integrating structured telemetry, temporal TTP sequences, and behavioral mapping into the MITRE ATT&CK matrix. It ingests logs from Sysmon, Zeek, and OSQuery, enriches sequences via STIX/TAXII and Sigma, and builds feature representations for supervised and unsupervised inference. Entropy-based drift monitoring and continual learning with synthetic attacks and analyst feedback improve adaptability. Calibrated threat scoring with SHAP-driven explanations yields high detection quality, strong ATT&CK coverage, and sub-second SOC integration.","","cbCaidYy0RrJjUEx","https://ap.wps.com/l/cbCaidYy0RrJjUEx","pdf",542276,1,6,"English","en",105,"# Introduction\n# Related Work\n## Machine Learning for Threat Detection\n# System Architecture\n# Methodology\n# Experimental Setup\n# Results and Analysis\n# Conclusion and Future Directions","[{\"question\":\"How does the framework connect telemetry to MITRE ATT\\u0026CK for threat attribution?\",\"answer\":\"It ingests structured telemetry from multiple sources such as Sysmon, Zeek, and OSQuery, maps event sequences to ATT\\u0026CK techniques using STIX/TAXII enrichment and Sigma-based rules, and then generates TTP attributions for real-time detection.\"},{\"question\":\"What mechanisms enable the system to stay effective as adversary behavior changes?\",\"answer\":\"An entropy-based drift detection module monitors concept drift, and continual learning retrains the model using synthetic attack simulations together with analyst feedback.\"},{\"question\":\"How are threat scores made explainable for SOC analysts?\",\"answer\":\"Threat scores are computed using calibrated scoring functions and enriched with SHAP-based attribution, improving interpretability and analyst trust.\"}]",1782853821,15,null]