Application of the MITRE ATT&CK Framework in the Context of University Networks

Mirka Miladinović and Savo Tomović
University of Montenegro, Podgorica, Montenegro
miladinovicmirka@gmail.com
DOI: 10.46793/BISEC25.172M

 

ABSTRACT: In today’s digital environment, university networks are constantly exposed to cyber attacks because of their wide range of users and their open nature. Maintaining the security of these networks requires constant monitoring, detection of vulnerabilities, and definition of proactive prevention strategies. The MITRE ATT&CK framework is a knowledge base that documents the tactics, techniques and procedures (TTPs) used by advanced persistent threats (APTs) to compromise various information systems. As a comprehensive threat analysis tool, this framework has become indispensable in the field of cyber security. University networks are potentially vulnerable environments due to their openness and complexity. Therefore, the goal of this project is to investigate whether the MITRE ATT&CK framework can be successfully applied in the domain of university networks in order to improve their security. The Academic Network of the University of Montenegro will serve as a case study.

KEYWORDS: MITRE ATT&CK, Caldera, Wazuh, university networks security.

ACKNOWLEDGMENT: Agreement on research funding between the University of Montenegro and the company “Sport Vision”


SOURCE: Proceedings of the 16th International Conference on Business Information Security BISEC’2025