Global Research Trends and Collaboration in MITRE ATT&CK Framework: A Bibliometric and Network Analysis in Cybersecurity
Article Sidebar
Main Article Content
Abstract
The MITRE ATT&CK framework has become a foundational tool for organizing adversarial behaviors and techniques in cybersecurity. While its adoption in practice and academia has grown significantly, no prior bibliometric review has comprehensively mapped the global research landscape surrounding this framework. This study addresses that gap by conducting a systematic bibliometric and network analysis of publications related to ATT&CK indexed in Scopus from 2017 to 2025. Using VOSviewer and quantitative bibliometric methods, we analyzed 391 publications to identify trends in research output, influential works, key contributors, thematic areas, and patterns of collaboration. Results show exponential growth in studies related to ATT&CK, with North America, Europe, and Asia as major contributors. Network analysis revealed highly interconnected author clusters, while keyword mapping identified five dominant research themes, including threat intelligence, adversary emulation, and machine learning-based detection. Citation analysis further identified inspiring publications that have significantly influenced the field. This review clarifies the intellectual structure and collaborative dynamics of ATT&CK research, offering insights into its development and pointing to future opportunities in interdisciplinary cybersecurity research.
Article Details
Issue
Section
This work is licensed under a Creative Commons Attribution 4.0 International License.
How to Cite
References
[1] “MITRE ATT&CK®.” Accessed: May 23, 2025. [Online]. Available at: https://attack.mitre.org/
[2] B. E. Strom, A. Applebaum, D. P. Miller, K. C. Nickels, A. G. Pennington, and C. B. Thomas, “Mitre att&ck: Design and philosophy,” in Technical report, The MITRE Corporation, 2018. Accessed: May 22, 2025. [Online]. Available: https://www.mitre.org/sites/default/files/2021-11/prs-19-01075-28-mitre-attack-design-andphilosophy.pdf I. S. Jacobs and C. P. Bean, “Fine particles, thin films and exchange anisotropy,” in Magnetism, vol. III, G. T. Rado and H. Suhl, Eds. New York: Academic, 1963, pp. 271–350.
[3] B. Strom, “2020 ATT&CK Roadmap,” MITRE ATT&CK®. Accessed: May 29, 2025. [Online]. Available: https://medium.com/mitre-attack/2020-attack-roadmap-4820d30b38ba R. Nicole, “Title of paper with only first word capitalized,” J. Name Stand. Abbrev., in press.
[4] Y. Jiang et al., “MITRE ATT&CK Applications in Cybersecurity and the Way Forward,” Feb. 15, 2025, arXiv: arXiv:2502.10825. doi: 10.48550/arXiv.2502.10825. M. Young, The Technical Writer’s Handbook. Mill Valley, CA: University Science, 1989.
[5] S. Roy, E. Panaousis, C. Noakes, A. Laszka, S. Panda, and G. Loukas, “SoK: The MITRE ATT&CK Framework in Research and Practice,” Apr. 14, 2023, arXiv: arXiv:2304.07411. doi: 10.48550/arXiv.2304.07411.
[6] B. Al-Sada, A. Sadighian, and G. Oligeri, “Mitre ATT&CK: State of the art and way forward,” ACM Comput. Surv., vol. 57, no. 1, pp. 1–37, 2024, Accessed: May 22, 2025. [Online]. Available: https://dl.acm.org/doi/abs/10.1145/3687300?casa_token=zApBLSctg_8AAAAA:jTb1uDFdYpjoKlrePiUjA80vjc6N d0gZtsVVoeat2YCaM9Dl9x8h7bZmIfG4IxD57zjHY3zM0egf
[7] “Scopus - Document search | Signed in.” Accessed: May 29, 2025. [Online]. Available: https://www.scopus.com/search/form.uri?display=basic&zone=header&origin=searchbasic#basic
[8] J. Martí-Parreño, E. Méndez-Ibáñez, and A. Alonso-Arroyo, “The use of gamification in education: a bibliometric and text mining analysis,” J. Comput. Assist. Learn., vol. 32, no. 6, pp. 663–676, 2016, doi: 10.1111/jcal 12161
[9] L. Wang et al., “From Sands to Mansions: Towards Automated Cyberattack Emulation with Classical Planning and Large Language Models,” Apr. 17, 2025, arXiv: arXiv:2407.16928. doi: 10.48550/arXiv.2407.16928
[10] L. Li, C. Huang, and J. Chen, “Automated discovery and mapping ATT&CK tactics and techniques for unstructured Hunting via Adversary Emulation,” IEEE Access, vol. 9, pp. 126023–126033, 2021, doi: https://www.vosviewer.com// cyber threat intelligence,” Comput. Secur., vol. 140, p. 103815, May 2024, doi: 10.1016/j.cose.2024.103815.
[11] A. B. Ajmal, M. A. Shah, C. Maple, M. N. Asghar, and S. U. Islam, “Offensive Security: Towards Proactive Threat 10.1109/ACCESS.2021.3104260.
[12] Z. Jadidi and Y. Lu, “A Threat Hunting Framework for Industrial Control Systems,” IEEE Access, vol. 9, pp. 164118–164130, 2021, doi: 10.1109/ACCESS.2021.3133260.
[13] A. Georgiadou, S. Mouzakitis, and D. Askounis, “Assessing MITRE ATT&CK Risk Using a Cyber-Security Culture Framework,” Sensors, vol. 21, no. 9, Art. no. 9, Jan. 2021, doi: 10.3390/s21093267.
[14] “VOSviewer - Visualizing scientific landscapes,” VOSviewer. Accessed: May 29, 2025. [Online]. Available: https://www.vosviewer.com//
[15] N. J. van Eck and L. Waltman, “Software survey: VOSviewer, a computer program for bibliometric mapping,” Scientometrics, vol. 84, no. 2, pp. 523–538, Feb. 2010.
[16] R. Khan, K. McLaughlin, and S. Sezer, “Security analysis of IoT protocols using formal verification: Current state and future directions,” International Journal of Information Security, vol. 18, pp. 1–18, 2019. [Online]. Available: https://link.springer.com/article/10.1007/s10207-019-00445-y
[17] J. Zhao et al., “A Platform to Evaluate ATT&CK Techniques in IoT Context Sharing,” arXiv preprint arXiv:2407.05290, Jul. 2024. [Online]. Available: https://arxiv.org/abs/2407.05290
[18] OnDefend, “Coverage Isn’t Protection: Why MITRE ATT&CK alignment alone isn’t enough,” OnDefend Blog, Apr. 2025. https://ondefend.com/validate-mitre-attck-coverage-simulations-tabletop/
[19] Divine S. Afenu, Mohammed Asiri, and Neetesh Saxena, “Industrial Control Systems Security Validation Based on MITRE Adversarial Tactics, Techniques, and Common Knowledge Framework,” Electronics, vol. 13, no. 5, art. 917, Feb. 2024. - Demonstrates hands-on ATT&CK-based validation in real ICS scenarios
[20] M. R. Rahman and L. Williams, “An Investigation of Security Controls and MITRE ATT&CK Techniques,” arXiv preprint arXiv:2211.06500, Nov. 2022. [Online]. Available: https://arxiv.org/abs/2211.06500
[21] E. Smyth et al., “The Role of Industry Academia Partnerships Can Play in Cybersecurity: Exploring Collaborative Approaches to Address Cybercrime,” in Proc. ICCWS, 2023. [Online]. Available: (ResearchGate)
[22] Kouper and S. Stone, “Data Sharing and Use in Cybersecurity Research,” Data Sci. J., vol. 23, art. 3, Jan. 2024. [Online]. Available: doi:10.5334/dsj-2024-003
[23] N. Donthu, S. Kumar, D. Mukherjee, N. Pandey, and W. M. Lim, "How to conduct a bibliometric analysis: An overview and guidelines," Journal of Business Research, vol. 133, pp. 285–296, 2021, doi: 10.1016/j.jbusres.2021.04.070.
[24] A. W. Harzing, Publish or Perish, available at: https://harzing.com/resources/publish-or-perish, 2007
[25] M. Aljanabi, M. A. Ismail, R. A. Hasan, and J. Sulaiman, “Intrusion Detection: A Review,” Mesopotamian Journal of CyberSecurity, vol. 2021, pp. 1–4, Jan. 2021. doi: 10.58496/MJCS/2021/001.
[26] W. K. Mohammed, M. A. Taha, and S. M. Mohammed, “A Novel Hybrid Fusion Model for Intrusion Detection Systems Using Benchmark Checklist Comparisons,” Mesopotamian Journal of CyberSecurity, vol. 4, no. 3, pp. 216–232, 2024