Research Article

ATTACK PLANNING AND IMPLEMENTATION USING THE MITRE ATT&CK MATRIX ON THE LINUX PLATFORM

Year 2025, Volume: 24, Issue: 47, pp. 84-134, 30.06.2025
https://doi.org/10.55071/ticaretfbd.1572294

Abstract

This article addresses the process of planning and executing attacks based on the MITRE ATT&CK matrix on the Linux platform. The MITRE ATT&CK matrix is defined as a framework developed to strengthen defense mechanisms against cyber threats, and it systematically classifies attackers' techniques, tactics and procedures. In the study, various attack scenarios are constructed on Linux-based systems using this matrix, and the applicability of these scenarios is tested. In addition, methods and tools that can be used to detect and prevent these attacks are discussed. The study collects, analyzes and evaluates the logs of attacks received through a honeypot. The results are presented with the aim of helping cybersecurity professionals better understand the threats they may encounter on Linux platforms and develop effective defense strategies against them.



Details

Primary Language: Turkish
Subjects: System and Network Security
Journal Section: Research Article
Authors:

Suat Toksöz 0000-0002-3074-5455

Metin Turan 0000-0002-1941-6693

Early Pub Date: June 14, 2025
Publication Date: June 30, 2025
Submission Date: October 23, 2024
Acceptance Date: December 26, 2024
Published in Issue: Year 2025, Volume: 24, Issue: 47

Cite

APA: Toksöz, S., & Turan, M. (2025). LİNUX PLATFORMUNDA MITRE ATT&CK MATRİSİ KULLANARAK SALDIRI PLANLAMA VE UYGULAMA. İstanbul Ticaret Üniversitesi Fen Bilimleri Dergisi, 24(47), 84-134. https://doi.org/10.55071/ticaretfbd.1572294