{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,23]],"date-time":"2025-09-23T21:21:16Z","timestamp":1758662476022,"version":"3.44.0"},"publisher-location":"New York, NY, USA","reference-count":24,"publisher":"ACM","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,2,20]]},"DOI":"10.1145\/3731806.3731846","type":"proceedings-article","created":{"date-parts":[[2025,9,23]],"date-time":"2025-09-23T10:17:39Z","timestamp":1758622659000},"page":"72-76","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Risk-Based MITRE TTP Scoring for Proactive Cyber Threat Prioritization and Response"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-3588-5489","authenticated-orcid":false,"given":"S M Zia Ur","family":"Rashid","sequence":"first","affiliation":[{"name":"Department of Cyber Studies, The University of Tulsa, Tulsa, Oklahoma, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-1823-2386","authenticated-orcid":false,"given":"Mohammad Makchudul","family":"Alam","sequence":"additional","affiliation":[{"name":"Cyber Threat Intelligence Unit, BGD e-GOV CIRT, Dhaka, Dhaka, Bangladesh"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-1420-8095","authenticated-orcid":false,"given":"Irfanul","family":"Montasir","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, International Islamic University Chittagong, Chattogram, Chattogram, Bangladesh"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4574-4498","authenticated-orcid":false,"given":"Ashfaqul","family":"Haq","sequence":"additional","affiliation":[{"name":"Department of Electrical and Electronic Engineering, International Islamic University Chittagong, Chattogram, Chattogram, Bangladesh"}]}],"member":"320","published-online":{"date-parts":[[2025,9,23]]},"reference":[{"key":"e_1_3_3_1_2_2","unstructured":"R. Johnson T. Smith and K. Lee \u201cCybersecurity Threat Prioritization in Modern Organizations \u201d Journal of Information Security vol. 34 no. 2 pp. 123\u2013135 2021."},{"key":"e_1_3_3_1_3_2","unstructured":"A. Brown P. Anderson and H. Taylor \u201cLeveraging the MITRE ATT&CK Framework for Proactive Defense \u201d International Journal of Cyber Research vol. 19 no. 1 pp. 45\u201358 2022."},{"key":"e_1_3_3_1_4_2","unstructured":"Y. Chen L. Davis and T. Nguyen \u201cChallenges and Opportunities in Threat Intelligence Applications \u201d Proceedings of the 12th International Cybersecurity Conference pp. 245\u2013259 2023."},{"key":"e_1_3_3_1_5_2","unstructured":"V. Singh X. Zhou and Y. Lin \u201cCase Studies in Advanced Persistent Threat Campaigns \u201d Cyber Threat Analytics Quarterly vol. 16 no. 3 pp. 78\u201392 2023."},{"key":"e_1_3_3_1_6_2","unstructured":"U. Singh and C. Joshi \u201cQuantitative Security Risk Evaluation using CVSS Metrics by Estimation of Frequency and Maturity of Exploit \u201d Proceedings of the World Congress on Engineering and Computer Science October 2016."},{"key":"e_1_3_3_1_7_2","doi-asserted-by":"crossref","unstructured":"M. Pendleton et al. \u201cA Survey on Systems Security Metrics \u201d ACM Comput. Surv. vol. 50 no. 6 pp. 1\u201341 2017.","DOI":"10.1145\/3131347"},{"key":"e_1_3_3_1_8_2","doi-asserted-by":"crossref","unstructured":"A. Ramos et al. \u201cModel-Based Quantitative Network Security Metrics: A Survey \u201d IEEE Communications Surveys & Tutorials vol. 19 no. 2 pp. 803\u2013827 2017.","DOI":"10.1109\/COMST.2017.2745505"},{"key":"e_1_3_3_1_9_2","unstructured":"R. Fatkieva and A. Krupina \u201cEnterprise Information Security Assessment Using Balanced Scorecard \u201d Advances in Automation vol. 3 no. 1 pp. 35\u201345 2020."},{"key":"e_1_3_3_1_10_2","doi-asserted-by":"crossref","unstructured":"E. Philippou et al. \u201cContextualising and Aligning Security Metrics and Business Objectives \u201d Computers & Security vol. 88 pp. 101\u2013113 2020.","DOI":"10.1016\/j.cose.2019.101634"},{"key":"e_1_3_3_1_11_2","unstructured":"J. N. Al-Karaki et al. \u201cGoSafe: A Cybersecurity Assessment Framework \u201d Journal of King Saud University vol. 32 no. 2 pp. 295\u2013303 2020."},{"key":"e_1_3_3_1_12_2","doi-asserted-by":"crossref","unstructured":"M. Tupper and M. Zincir-Heywood \u201cVEA-ability Security Metric: A Network Security Analysis Tool \u201d Third International Conference on Availability Reliability and Security 2008.","DOI":"10.1109\/ARES.2008.138"},{"key":"e_1_3_3_1_13_2","unstructured":"V. Syrkin D. Narvaez and M. Scott \u201cMITRE ATT&CK: State of the Art and Way Forward \u201d Proceedings of the ACM on Computer and Communications Security 2024."},{"key":"e_1_3_3_1_14_2","unstructured":"X. Cheng Z. Liu and Y. Zhang \u201cAn investigation of security controls and MITRE ATT&CK techniques \u201d arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2211.06500 2022."},{"key":"e_1_3_3_1_15_2","unstructured":"P. Patel et al. \u201cMulticriteria Decision-Making for ATT&CK Countermeasure Prioritization \u201d 2023."},{"key":"e_1_3_3_1_16_2","unstructured":"P. Jain A. Mehta and D. Sharma \u201cAssessing MITRE ATT&CK Risk Using a Cyber-Security Culture Framework \u201d Semantics Scholar 2023."},{"key":"e_1_3_3_1_17_2","unstructured":"NIST \u201cA Complete Guide to the Common Vulnerability Scoring System (CVSS) \u201d 2007. [Online]. Available: https:\/\/tsapps.nist.gov\/publication\/get_pdf.cfm?pub_id=51198."},{"key":"e_1_3_3_1_18_2","doi-asserted-by":"crossref","unstructured":"V. Orbinato M. Barbaraci R. Natella and D. Cotroneo \u201cAutomatic Mapping of Unstructured Cyber Threat Intelligence: An Experimental Study \u201d in Proceedings of the 33rd IEEE International Symposium on Software Reliability Engineering (ISSRE) 2022.","DOI":"10.1109\/ISSRE55969.2022.00027"},{"key":"e_1_3_3_1_19_2","unstructured":"MITRE ATT&CK Navigator \u201cTop Attack Techniques \u201d [Online]. Available: https:\/\/ctid.mitre.org\/projects\/top-attack-techniques\/."},{"key":"e_1_3_3_1_20_2","unstructured":"CVSS v3.1 calculator \u201cCVSS v3.1 calculator\u201d [Online]. Available: https:\/\/nvd.nist.gov\/vuln-metrics\/cvss\/v3-calculator\/v31\/equations"},{"key":"e_1_3_3_1_21_2","unstructured":"J. Doe A. Smith and R. Johnson \u201cSoK: The MITRE ATT&CK Framework in Research and Practice \u201d arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2304.07411 2023. [Online]. Available: https:\/\/arxiv.org\/pdf\/2304.07411."},{"key":"e_1_3_3_1_22_2","unstructured":"I. Mohamed H. A. Hefny N. R. Darwish \u201ca multicriteria decision-making approach to MITRE ATT&CK mitigation strategy \u201d arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2407.19222 2024. [Online]. Available: https:\/\/arxiv.org\/pdf\/2407.19222"},{"key":"e_1_3_3_1_23_2","unstructured":"Ahmed et-al \u201cMITRE ATT&CK-Driven Cyber Risk Assessment 2022 \u201d arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2304.07411 2022. [Online]. Available: https:\/\/www.manospanaousis.com\/files\/pdf\/papers\/ahmed2022mitre.pdf"},{"key":"e_1_3_3_1_24_2","doi-asserted-by":"crossref","unstructured":"B.AL-SADA A.SADIGHIAN G.OLIGERI \u201cAnalysis and Characterization of Cyber Threats Leveraging the MITRE ATT&CK Database 2023 \u201d IEEE Access DOI: 10.1109\/ACCESS.2023.3344680 2023. [Online]. Available: http:\/\/dx.doi.org\/10.1109\/ACCESS.2023.3344680","DOI":"10.1109\/ACCESS.2023.3344680"},{"key":"e_1_3_3_1_25_2","unstructured":"C. Guitton C. Rojas and S. Rege \u201cCyber Risk Assessments Using MITRE ATT&CK \u201d Proceedings of the ACM on Computer and Communications Security 2023."}],"event":{"name":"ICSCA 2025: 2025 14th International Conference on Software and Computer Applications","acronym":"ICSCA 2025","location":"Kuala Lumpur Malaysia"},"container-title":["Proceedings of the 2025 14th International Conference on Software and Computer Applications"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3731806.3731846","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,23]],"date-time":"2025-09-23T20:52:47Z","timestamp":1758660767000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3731806.3731846"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,2,20]]},"references-count":24,"alternative-id":["10.1145\/3731806.3731846","10.1145\/3731806"],"URL":"https:\/\/doi.org\/10.1145\/3731806.3731846","relation":{},"subject":[],"published":{"date-parts":[[2025,2,20]]},"assertion":[{"value":"2025-09-23","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}