MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-26 16:57:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #973 from cvandeplas/main

Browse source 
chg: [atlas] update to latest version #newUUIDsForAll
This commit is contained in:
Christophe Vandeplas 2024-05-13 15:26:36 +02:00 committed by GitHub
commit fd8b906055
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 331 additions and 273 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
.vscode/launch.json vendored
View file

@ -19,6 +19,15 @@
"args": "-p ../../DW-VA-Taxonomy", "args": "-p ../../DW-VA-Taxonomy",
"cwd": "${fileDirname}" "cwd": "${fileDirname}"
}, },
{
"name": "gen_mitre_atlas",
"type": "debugpy",
"request": "launch",
"program": "${file}",
"console": "integratedTerminal",
"args": "-p ../../atlas-navigator-data",
"cwd": "${fileDirname}"
},
{ {
"name": "Python Debugger: Current File", "name": "Python Debugger: Current File",
"type": "debugpy", "type": "debugpy",

342
clusters/mitre-atlas-attack-pattern.json
View file

File diff suppressed because it is too large Load diff

226
clusters/mitre-atlas-course-of-action.json
View file

@ -19,21 +19,35 @@
}, },
"related": [ "related": [
{ {
"dest-uuid": "229ead06-da1e-443c-8ff1-e57a3ae0eb61", "dest-uuid": "65d21e6b-7abe-4623-8f5c-88011cb362cb",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "d93b2175-90a8-4250-821f-dcc3bbbe194c", "dest-uuid": "8c26f51a-c403-4c4d-852a-a1c56fe9e7cd",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "aa17fe8d-62f8-4c4c-b7a2-6858c82dd84b",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "b23cda85-3457-406d-b043-24d2cf9e6fcf",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
} }
], ],
"uuid": "0b016f6f-2f61-493c-bf9d-02cad4c027df", "uuid": "40076545-e797-4508-a294-943096a12111",
"value": "Limit Release of Public Information" "value": "Limit Release of Public Information"
}, },
{ {
@ -46,28 +60,28 @@
}, },
"related": [ "related": [
{ {
"dest-uuid": "292ebe33-addc-4fe7-b2a9-4856293c4c96", "dest-uuid": "0ec538ca-589b-4e42-bcaa-06097a0d679f",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "6945b742-f1d5-4a83-ba4a-d0e0de6620c3", "dest-uuid": "a3baff3d-7228-4ab7-ae00-ffe150e7ef8a",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "6a7f4fc2-272b-4f86-b137-70fa3e239f58", "dest-uuid": "c086784e-1494-4f75-a4a0-d3ad054b9428",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
} }
], ],
"uuid": "c0f65fa8-8e05-4481-b934-ff2c452ae8c3", "uuid": "79c75215-ada9-4c22-bfed-7d13fb6e966e",
"value": "Limit Model Artifact Release" "value": "Limit Model Artifact Release"
}, },
{ {
@ -80,49 +94,49 @@
}, },
"related": [ "related": [
{ {
"dest-uuid": "569d6edd-0140-4ab2-97b1-3635d62f40cc", "dest-uuid": "86b5f486-afb8-4aa9-991f-0e24d5737f0c",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "65c5e3b8-9296-46a2-ae7d-1b68a79cbe54", "dest-uuid": "943303ef-846b-49d6-b53f-b0b9341ac1ca",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "79cdc11c-2ca9-4a6a-96a0-18bd84943086", "dest-uuid": "c4e52005-7416-45c4-9feb-8cd5fd34f70a",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "83c5ba15-5312-4c7d-bbb4-f9c4f2c6ffca", "dest-uuid": "c552f0b5-2e2c-4f8f-badc-0876ecca7255",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "8a115a02-2b88-4a3e-9212-a39dc086320b", "dest-uuid": "e19c6f8a-f1e2-46cc-9387-03a3092f01ed",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "b5d1fd4f-861f-43e0-b1ca-ee8a3b47f7e1", "dest-uuid": "f78e0ac3-6d72-42ed-b20a-e10d8c752cf6",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
} }
], ],
"uuid": "6b53cb14-eade-4760-8dae-75164e62cb7e", "uuid": "9f92e876-e2c0-4def-afee-626a4a79c524",
"value": "Passive ML Output Obfuscation" "value": "Passive ML Output Obfuscation"
}, },
{ {
@ -135,21 +149,21 @@
}, },
"related": [ "related": [
{ {
"dest-uuid": "8bcf7648-2683-421d-b623-bc539de59cb3", "dest-uuid": "071df654-813a-4708-85dc-f715f785d37f",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "bb747632-d988-45ff-9cb3-97d827b4d9db", "dest-uuid": "8735735d-c09d-4298-8e64-9a2b6168a74c",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
} }
], ],
"uuid": "04e9bb75-1b7e-4825-bc3f-774850d3c1ef", "uuid": "216f862c-7f34-4676-a913-c4ec6cc4c2cd",
"value": "Model Hardening" "value": "Model Hardening"
}, },
{ {
@ -162,77 +176,77 @@
}, },
"related": [ "related": [
{ {
"dest-uuid": "1cc7f877-cb60-419a-bd1e-32b704b534d0", "dest-uuid": "6c1fca80-3ba9-41c9-8f7b-9824310a94f1",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "3247b43f-1888-4158-b3da-5b7c7dfaa4e2", "dest-uuid": "86b5f486-afb8-4aa9-991f-0e24d5737f0c",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "3b829988-8bdb-4c4e-a4dd-500a3d3fd3e4", "dest-uuid": "8f644f37-e2e6-468e-b720-f395b8c27fbc",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "569d6edd-0140-4ab2-97b1-3635d62f40cc", "dest-uuid": "943303ef-846b-49d6-b53f-b0b9341ac1ca",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "65c5e3b8-9296-46a2-ae7d-1b68a79cbe54", "dest-uuid": "ae71ca3a-8ca4-40d2-bdba-4276b29ac8f9",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "79cdc11c-2ca9-4a6a-96a0-18bd84943086", "dest-uuid": "b07d147f-51c8-4eb6-9a05-09c86762a9c1",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "83c5ba15-5312-4c7d-bbb4-f9c4f2c6ffca", "dest-uuid": "c4e52005-7416-45c4-9feb-8cd5fd34f70a",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "8a115a02-2b88-4a3e-9212-a39dc086320b", "dest-uuid": "c552f0b5-2e2c-4f8f-badc-0876ecca7255",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "b5d1fd4f-861f-43e0-b1ca-ee8a3b47f7e1", "dest-uuid": "e19c6f8a-f1e2-46cc-9387-03a3092f01ed",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "ba5645e5-d1ab-4f1f-8b82-cb0792543fa8", "dest-uuid": "f78e0ac3-6d72-42ed-b20a-e10d8c752cf6",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
} }
], ],
"uuid": "4a048bfe-dab5-434b-86cc-f4586951ec0d", "uuid": "46b3e92d-600b-47c9-80f5-ed62a5db0377",
"value": "Restrict Number of ML Model Queries" "value": "Restrict Number of ML Model Queries"
}, },
{ {
@ -245,56 +259,56 @@
}, },
"related": [ "related": [
{ {
"dest-uuid": "0d002b6b-d006-4aab-a7f9-fa69f4a1e675", "dest-uuid": "0ec538ca-589b-4e42-bcaa-06097a0d679f",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "2792e1f0-3132-4876-878d-a900b8a40e7d", "dest-uuid": "2680aa95-5620-4677-9c62-b0c3d15d9450",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "481486ed-846c-43ce-931b-86b8a18556b0", "dest-uuid": "452b8fdf-8679-4013-bb38-4d16f65430bc",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "666f4d33-1a62-4ad7-9bf9-6387cd3f1fd7", "dest-uuid": "8d644240-ad99-4410-a7f8-3ef8f53a463e",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "68034561-a079-4052-9b64-427bfcff76ff", "dest-uuid": "a50f02df-1130-4945-94bb-7857952da585",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "6945b742-f1d5-4a83-ba4a-d0e0de6620c3", "dest-uuid": "d1f013a8-11f3-4560-831c-8ed5e39247c9",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "822cb1e2-f35f-4b35-a650-59b7770d4abc", "dest-uuid": "e0eb2b64-aebd-4412-80f3-b71d7805a65f",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
} }
], ],
"uuid": "da785068-ece5-4c52-b77d-39e1b24cb6d7", "uuid": "0025dadf-7900-497f-aa03-39f0e319f20e",
"value": "Control Access to ML Models and Data at Rest" "value": "Control Access to ML Models and Data at Rest"
}, },
{ {
@ -307,42 +321,42 @@
}, },
"related": [ "related": [
{ {
"dest-uuid": "2792e1f0-3132-4876-878d-a900b8a40e7d", "dest-uuid": "071df654-813a-4708-85dc-f715f785d37f",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "4627c4e6-fb06-4bfa-add5-dc46e0043aff", "dest-uuid": "452b8fdf-8679-4013-bb38-4d16f65430bc",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "8a115a02-2b88-4a3e-9212-a39dc086320b", "dest-uuid": "8735735d-c09d-4298-8e64-9a2b6168a74c",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "8bcf7648-2683-421d-b623-bc539de59cb3", "dest-uuid": "c552f0b5-2e2c-4f8f-badc-0876ecca7255",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "bb747632-d988-45ff-9cb3-97d827b4d9db", "dest-uuid": "d8292a1c-21e7-4b45-b110-0e05feb30a9a",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
} }
], ],
"uuid": "de7a696b-f688-454c-bf61-476a68b50e9f", "uuid": "dcb586a2-1135-4e2a-97bd-d4adbc79758b",
"value": "Use Ensemble Methods" "value": "Use Ensemble Methods"
}, },
{ {
@ -355,32 +369,32 @@
}, },
"related": [ "related": [
{ {
"dest-uuid": "666f4d33-1a62-4ad7-9bf9-6387cd3f1fd7", "dest-uuid": "0ec538ca-589b-4e42-bcaa-06097a0d679f",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "6945b742-f1d5-4a83-ba4a-d0e0de6620c3", "dest-uuid": "8d644240-ad99-4410-a7f8-3ef8f53a463e",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "822cb1e2-f35f-4b35-a650-59b7770d4abc", "dest-uuid": "e0eb2b64-aebd-4412-80f3-b71d7805a65f",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
} }
], ],
"uuid": "7e20b527-6299-4ee3-863e-59fee7cdaa9a", "uuid": "9395d240-cc32-452a-911b-04feea01bcfb",
"value": "Sanitize Training Data" "value": "Sanitize Training Data"
}, },
{ {
"description": "Validate that machine learning models perform as intended by testing for backdoor triggers or adversarial bias.\n", "description": "Validate that machine learning models perform as intended by testing for backdoor triggers or adversarial bias.\nMonitor model for concept drift and training data drift, which may indicate data tampering and poisoning.\n",
"meta": { "meta": {
"external_id": "AML.M0008", "external_id": "AML.M0008",
"refs": [ "refs": [
@ -389,28 +403,28 @@
}, },
"related": [ "related": [
{ {
"dest-uuid": "2792e1f0-3132-4876-878d-a900b8a40e7d", "dest-uuid": "452b8fdf-8679-4013-bb38-4d16f65430bc",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "68034561-a079-4052-9b64-427bfcff76ff", "dest-uuid": "a50f02df-1130-4945-94bb-7857952da585",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "822cb1e2-f35f-4b35-a650-59b7770d4abc", "dest-uuid": "e0eb2b64-aebd-4412-80f3-b71d7805a65f",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
} }
], ],
"uuid": "32bd077a-90ce-4e97-ad40-8f130a1a7dab", "uuid": "01c2ec0a-e257-4a75-9e59-f71aa6362b6e",
"value": "Validate ML Model" "value": "Validate ML Model"
}, },
{ {
@ -423,21 +437,21 @@
}, },
"related": [ "related": [
{ {
"dest-uuid": "bb747632-d988-45ff-9cb3-97d827b4d9db", "dest-uuid": "071df654-813a-4708-85dc-f715f785d37f",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "e0958449-a880-4410-bbb1-fa102030a883", "dest-uuid": "4d5c6974-0307-4535-bf37-7bb4c6a2ef47",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
} }
], ],
"uuid": "532918ce-83cf-4f6f-86fa-8ad4024e91ab", "uuid": "1bb9d9a7-c05a-470f-a709-64bd240e2eb0",
"value": "Use Multi-Modal Sensors" "value": "Use Multi-Modal Sensors"
}, },
{ {
@ -450,28 +464,28 @@
}, },
"related": [ "related": [
{ {
"dest-uuid": "79cdc11c-2ca9-4a6a-96a0-18bd84943086", "dest-uuid": "071df654-813a-4708-85dc-f715f785d37f",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "8bcf7648-2683-421d-b623-bc539de59cb3", "dest-uuid": "8735735d-c09d-4298-8e64-9a2b6168a74c",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "bb747632-d988-45ff-9cb3-97d827b4d9db", "dest-uuid": "c4e52005-7416-45c4-9feb-8cd5fd34f70a",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
} }
], ],
"uuid": "88aea80f-498f-403d-b82f-e76c44f9da94", "uuid": "73a34f24-1ad1-4421-b9c8-c2cbd13e6f47",
"value": "Input Restoration" "value": "Input Restoration"
}, },
{ {
@ -484,14 +498,14 @@
}, },
"related": [ "related": [
{ {
"dest-uuid": "d52b913b-808c-461d-8969-94cd5c9fe07b", "dest-uuid": "be6ef5c5-1ecb-486d-9743-42085bd2c256",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
} }
], ],
"uuid": "6cd8c9ca-bd46-489f-9ccb-5b76b8ef580e", "uuid": "179e00cb-0948-4282-9132-f8a1f0ff6bd7",
"value": "Restrict Library Loading" "value": "Restrict Library Loading"
}, },
{ {
@ -504,28 +518,28 @@
}, },
"related": [ "related": [
{ {
"dest-uuid": "0d002b6b-d006-4aab-a7f9-fa69f4a1e675", "dest-uuid": "6a88dccb-fb37-4f11-a5ad-42908aaee1d0",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "529fac49-5f88-4a3c-829f-eb50cb90bcf1", "dest-uuid": "d1f013a8-11f3-4560-831c-8ed5e39247c9",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "b67fc223-fecf-4ee6-9de7-9392d9f04060", "dest-uuid": "e2ebc190-9ff6-496e-afeb-ac868df2361e",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
} }
], ],
"uuid": "8bba19a7-fc6f-4381-8b34-2d43cdc14627", "uuid": "aad92d43-774b-4612-8437-8d6c7ee7e4af",
"value": "Encrypt Sensitive Information" "value": "Encrypt Sensitive Information"
}, },
{ {
@ -538,28 +552,28 @@
}, },
"related": [ "related": [
{ {
"dest-uuid": "2792e1f0-3132-4876-878d-a900b8a40e7d", "dest-uuid": "452b8fdf-8679-4013-bb38-4d16f65430bc",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "4627c4e6-fb06-4bfa-add5-dc46e0043aff", "dest-uuid": "be6ef5c5-1ecb-486d-9743-42085bd2c256",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "d52b913b-808c-461d-8969-94cd5c9fe07b", "dest-uuid": "d8292a1c-21e7-4b45-b110-0e05feb30a9a",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
} }
], ],
"uuid": "c55ed072-eca7-41d6-b5e0-68c10753544d", "uuid": "88073b07-2fe9-41cb-8e76-6e244fbabc74",
"value": "Code Signing" "value": "Code Signing"
}, },
{ {
@ -572,28 +586,28 @@
}, },
"related": [ "related": [
{ {
"dest-uuid": "0799f2f2-1038-4391-ba1f-4117595db45a", "dest-uuid": "be6ef5c5-1ecb-486d-9743-42085bd2c256",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "b6697dbf-3e3f-41ce-a212-361d1c0ca0e9", "dest-uuid": "d2cf31e0-a550-4fe0-8fdb-8941b3ac00d9",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "d52b913b-808c-461d-8969-94cd5c9fe07b", "dest-uuid": "f4fc2abd-71a4-401a-a742-18fc5aeb4bc3",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
} }
], ],
"uuid": "a861f658-4203-48ba-bdca-fe068518eefb", "uuid": "cdccb3ab-2dde-41a9-a988-783a25b7bd00",
"value": "Verify ML Artifacts" "value": "Verify ML Artifacts"
}, },
{ {
@ -606,39 +620,39 @@
}, },
"related": [ "related": [
{ {
"dest-uuid": "1cc7f877-cb60-419a-bd1e-32b704b534d0", "dest-uuid": "071df654-813a-4708-85dc-f715f785d37f",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "79cdc11c-2ca9-4a6a-96a0-18bd84943086", "dest-uuid": "8735735d-c09d-4298-8e64-9a2b6168a74c",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "8bcf7648-2683-421d-b623-bc539de59cb3", "dest-uuid": "8f644f37-e2e6-468e-b720-f395b8c27fbc",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "bb747632-d988-45ff-9cb3-97d827b4d9db", "dest-uuid": "c4e52005-7416-45c4-9feb-8cd5fd34f70a",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
} }
], ],
"uuid": "825f21ab-f3c9-46ce-b539-28f295f519f8", "uuid": "0ed2ef71-cdc9-4eef-8432-1c3dadbdda20",
"value": "Adversarial Input Detection" "value": "Adversarial Input Detection"
}, },
{ {
"description": "Vulnerability scanning is used to find potentially exploitable software vulnerabilities to remediate them.\n\nFile formats such as pickle files that are commonly used to store machine learning models can contain exploits that allow for arbitrary code execution.\n", "description": "Vulnerability scanning is used to find potentially exploitable software vulnerabilities to remediate them.\n\nFile formats such as pickle files that are commonly used to store machine learning models can contain exploits that allow for arbitrary code execution.\nBoth model artifacts and downstream products produced by models should be scanned for known vulnerabilities.\n",
"meta": { "meta": {
"external_id": "AML.M0016", "external_id": "AML.M0016",
"refs": [ "refs": [
@ -647,18 +661,25 @@
}, },
"related": [ "related": [
{ {
"dest-uuid": "d52b913b-808c-461d-8969-94cd5c9fe07b", "dest-uuid": "be6ef5c5-1ecb-486d-9743-42085bd2c256",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "c704a49c-abf0-4258-9919-a862b1865469",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
} }
], ],
"uuid": "e2cb599d-2714-4673-bc1a-976c471d7c58", "uuid": "79752061-aac1-4ed9-b7f3-3b4dc5e81280",
"value": "Vulnerability Scanning" "value": "Vulnerability Scanning"
}, },
{ {
"description": "Deploying ML models to edge devices can increase the attack surface of the system. Consider serving models in the cloud to reduce the level of access the adversary has to the model.\n", "description": "Deploying ML models to edge devices can increase the attack surface of the system.\nConsider serving models in the cloud to reduce the level of access the adversary has to the model.\nAlso consider computing features in the cloud to prevent gray-box attacks, where an adversary has access to the model preprocessing methods.\n",
"meta": { "meta": {
"external_id": "AML.M0017", "external_id": "AML.M0017",
"refs": [ "refs": [
@ -667,28 +688,28 @@
}, },
"related": [ "related": [
{ {
"dest-uuid": "2792e1f0-3132-4876-878d-a900b8a40e7d", "dest-uuid": "3de90963-bc9f-4ae1-b780-7d05e46eacdd",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "51c95da5-d7f1-4b57-9229-869b80305b37", "dest-uuid": "452b8fdf-8679-4013-bb38-4d16f65430bc",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "afcd723a-e5ff-4c09-8f72-fe16f7345af7", "dest-uuid": "ab01ba21-1438-4cd9-a588-92eb271086bc",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
} }
], ],
"uuid": "79316871-3bf9-4a59-b517-b0156e84fcb4", "uuid": "432c3a44-3974-4b73-9eb9-fa5dd5298e47",
"value": "Model Distribution Methods" "value": "Model Distribution Methods"
}, },
{ {
@ -701,23 +722,50 @@
}, },
"related": [ "related": [
{ {
"dest-uuid": "5e8e4108-beb6-479a-a617-323d425e5d03", "dest-uuid": "8c849dd4-5d15-45aa-b5b2-59c96a3ab939",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
}, },
{ {
"dest-uuid": "d52b913b-808c-461d-8969-94cd5c9fe07b", "dest-uuid": "be6ef5c5-1ecb-486d-9743-42085bd2c256",
"tags": [ "tags": [
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "mitigates" "type": "mitigates"
} }
], ],
"uuid": "8c2cb25a-46b0-4551-beeb-21e8425a48bd", "uuid": "cce983e7-13a2-4545-8c39-ec6c8dff148d",
"value": "User Training" "value": "User Training"
},
{
"description": "Require users to verify their identities before accessing a production model.\nRequire authentication for API endpoints and monitor production model queries to ensure compliance with usage policies and to prevent model misuse.\n",
"meta": {
"external_id": "AML.M0019",
"refs": [
"https://atlas.mitre.org/mitigations/AML.M0019"
]
},
"related": [
{
"dest-uuid": "90a420d4-3f03-4800-86c0-223c4376804a",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
},
{
"dest-uuid": "b07d147f-51c8-4eb6-9a05-09c86762a9c1",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "mitigates"
}
],
"uuid": "7b00dd51-f719-433d-afd6-3d386f64386d",
"value": "Control Access to ML Models and Data in Production"
} }
], ],
"version": 10 "version": 12
} }

17
tools/gen_mitre.py
View file

@ -146,12 +146,6 @@ for domain in domains:
if item['type'] not in types.values(): if item['type'] not in types.values():
continue continue
# skip deprecated and/or revoked
# if 'revoked' in item and item['revoked']:
# continue
# if 'x_mitre_deprecated' in item and item['x_mitre_deprecated']:
# continue
# print(json.dumps(item, indent=2, sort_keys=True, ensure_ascii=False)) # print(json.dumps(item, indent=2, sort_keys=True, ensure_ascii=False))
try: try:
# build the new data structure # build the new data structure
@ -178,6 +172,12 @@ for domain in domains:
if 'x_mitre_aliases' in item: if 'x_mitre_aliases' in item:
value['meta']['synonyms'] = item['x_mitre_aliases'] value['meta']['synonyms'] = item['x_mitre_aliases']
# handle deprecated and/or revoked
# if 'x_mitre_deprecated' in item and item['x_mitre_deprecated']:
# value['deprecated'] = True
# if 'revoked' in item and item['revoked']:
# value['revoked'] = True
if 'external_references' in item: if 'external_references' in item:
for reference in item['external_references']: for reference in item['external_references']:
if 'url' in reference and reference['url'] not in value['meta']['refs']: if 'url' in reference and reference['url'] not in value['meta']['refs']:
@ -205,9 +205,9 @@ for domain in domains:
value['meta']['mitre_data_sources'] = item['x_mitre_data_sources'] value['meta']['mitre_data_sources'] = item['x_mitre_data_sources']
if 'x_mitre_platforms' in item: if 'x_mitre_platforms' in item:
value['meta']['mitre_platforms'] = item['x_mitre_platforms'] value['meta']['mitre_platforms'] = item['x_mitre_platforms']
# TODO add the other x_mitre elements dynamically # TODO add the other x_mitre elements dynamically, but now it seems to break the tests
# x_mitre_fields = [key for key in item.keys() if key.startswith('x_mitre')] # x_mitre_fields = [key for key in item.keys() if key.startswith('x_mitre')]
# skip_x_mitre_fields = ['x_mitre_aliases', 'x_mitre_version', 'x_mitre_old_attack_id', 'mitre_attack_spec_version'] # skip_x_mitre_fields = ['x_mitre_deprecated', 'x_mitre_aliases', 'x_mitre_version', 'x_mitre_old_attack_id', 'x_mitre_attack_spec_version']
# for skip_field in skip_x_mitre_fields: # for skip_field in skip_x_mitre_fields:
# try: # try:
# x_mitre_fields.remove(skip_field) # x_mitre_fields.remove(skip_field)
@ -220,7 +220,6 @@ for domain in domains:
value['type'] = item['type'] # remove this before dump to json value['type'] = item['type'] # remove this before dump to json
# print(json.dumps(value, sort_keys=True, indent=2)) # print(json.dumps(value, sort_keys=True, indent=2))
# FIXME if 'x_mitre_deprecated' , 'revoked'
all_data_uuid[uuid] = value all_data_uuid[uuid] = value
except Exception: except Exception:

10
tools/gen_mitre_atlas.py
View file

@ -107,9 +107,11 @@ for item in attack_data['objects']:
if 'external_id' in reference and reference.get("source_name", None) in mitre_sources: if 'external_id' in reference and reference.get("source_name", None) in mitre_sources:
value['meta']['external_id'] = reference['external_id'] value['meta']['external_id'] = reference['external_id']
if not value['meta'].get('external_id', None): if not value['meta'].get('external_id', None):
exit("Entry is missing an external ID, please update mitre_sources. Available references: {}".format( # dataset also contains MITRE ATT&CK, whenever we don't find external ID from the allowed sources it's a sign that the entry is not of the type of interest
json.dumps(item['external_references']) continue
)) # exit("Entry is missing an external ID, please update mitre_sources. Available references: {}".format(
# json.dumps(item['external_references'])
# ))
if 'kill_chain_phases' in item: # many (but not all) attack-patterns have this if 'kill_chain_phases' in item: # many (but not all) attack-patterns have this
value['meta']['kill_chain'] = [] value['meta']['kill_chain'] = []
@ -127,7 +129,7 @@ for item in attack_data['objects']:
all_data_uuid[uuid] = value all_data_uuid[uuid] = value
except Exception as e: except Exception:
print(json.dumps(item, sort_keys=True, indent=2)) print(json.dumps(item, sort_keys=True, indent=2))
import traceback import traceback
traceback.print_exc() traceback.print_exc()