Integrating Temporal CTI information in MAL based attack Graphs

SUPR uses JavaScript for certain functions. We cannot guarantee that you will be able to use the system with JavaScript disabled.

Dnr:

NAISS 2026/4-889

Type:

NAISS Small

Principal Investigator:

Muhammad Zeshan Naseer

Affiliation:

Kungliga Tekniska högskolan

Start Date:

2026-06-01

End Date:

2027-06-01

Primary Classification:

10201: Computer Sciences

Webpage:

Allocation

Klemming at PDC: 500 GiB
Dardel at PDC: 8 x 1000 core-h/month

Abstract

This project investigates how to incorporate temporal cyber threat intelligence (CTI) into infrastructure-grounded attack graph analysis in order to compute realistic attacker reachability, attack-path likelihoods, and vulnerability heatmaps over enterprise systems. The framework combines a MAL/coreLang-style attack graph with MITRE ATT&CK technique mappings and ChronoCTI temporal relations between techniques to model how attackers plausibly progress through infrastructure over time.