TY - GEN
T1 - Dataset of APT Persistence Techniques on Windows Platforms Mapped to the MITRE ATT&CK Framework
AU - Rahal, Khaled
AU - Riahi, Arbia
AU - Debatty, Thibault
N1 - Publisher Copyright: © 2025 IEEE.
PY - 2025
Y1 - 2025
AB - Securing against intrusions is a crucial aspect of cybersecurity defense. As systems become more complex and new technologies are introduced, new threats are constantly emerging, putting all aspects of information systems at risk. To detect these threats and put in place effective response strategies, security professionals must test their solutions on real-world data. This underscores the importance of datasets to provide a simulation of attack scenarios. Advanced Persistent Threats (APT) carry out multi-stage attacks on an organization’s network, often spanning extended periods. Existing datasets on APT mainly focus on the different kill chain stages such as initial intrusion, privilege escalation, lateral movements, and command and control. However, the persistence phase, which is crucial for the sustainability of attacks, is often neglected [10]. In this work, we propose a dataset specifically dedicated to the persistence techniques employed by the threat actor targeting the Windows platform. Our work offers a detailed analysis of persistence mechanisms, relying on realistic virtualized environments and attack simulation tools, based on MITRE ATT&CK TTP (Tactics, Techniques, and Procedures) used by known APT groups. Publicly available at [26], the datasets include detailed instructions for access and use, ensuring reproducibility and usability for researchers and cybersecurity practitioners.
KW - Advanced Persistent Threat
KW - Datasets
KW - Mitre Att&ck
KW - Persistence Techniques
UR - http://www.scopus.com/inward/record.url?scp=105002711692&partnerID=8YFLogxK
U2 - 10.1109/ICIN64016.2025.10943025
DO - 10.1109/ICIN64016.2025.10943025
M3 - Conference contribution
AN - SCOPUS:105002711692
T3 - Proceedings of the 28th Conference on Innovation in Clouds, Internet and Networks, ICIN 2025
SP - 17
EP - 24
BT - Proceedings of the 28th Conference on Innovation in Clouds, Internet and Networks, ICIN 2025
A2 - Paganelli, Frederica
A2 - Rojas, Elisa
A2 - Mitton, Nathalie
A2 - Naboulsi, Diala
A2 - Borsatti, Davide
A2 - Rovedakis, Stephane
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 28th Conference on Innovation in Clouds, Internet and Networks, ICIN 2025
Y2 - 11 March 2025 through 14 March 2025
ER -