Abstract: ATT&CK framework, as an attack perspective framework of network security in recent years, has attracted extensive research in the industry. This paper introduces the existing network security evaluation and detection technologies based on ATT&CK framework, and gives its own research results on this basis. In terms of evaluation, an automatic evaluation system based on ATT&CK framework is proposed. In terms of detection, the data source standardization method, attack analysis framework and attack chain analysis framework based on knowledge graph which are required by detection based on ATT&CK framework are proposed. This paper provides specific idea and implementation scheme for the application of ATT&CK framework in network security evaluation and detection.

Key words: ATT&, CK, network security, evaluation, detection, data source, visualization

摘要： ATT&CK框架作为近年出现的网络安全攻击视角框架，在业内引起广泛的研究.介绍了现有基于ATT&CK框架的网络安全评估和检测技术，并在此基础上给出了其研究成果.在评估方面，提出了基于ATT&CK框架的自动化评估系统；在检测方面，提出了基于ATT&CK框架的检测所需的数据源标准化方法、攻击分析框架以及基于知识图谱的攻击链分析框架.为ATT&CK框架在网络安全评估和检测中的应用实践提供了具体思路和实施方案.

关键词: ATT&, CK, 网络安全, 评估, 检测, 数据源, 可视化