Original Article
Zero Trust-X: A Research on a Zero Trust–Based Approach to Enhance Cyber Resilience Using the MITRE ATT&CK Framework
Mariya Augustine¹
Karthiga N²
Karthik K. G³
Sanjunaa Poopathi⁴
Sowndarya V⁵
¹ ² ³ ⁴ B.E. Computer Science and Engineering (Cyber Security), United Institute of Technology, Coimbatore, Tamil Nadu, India.
⁵ Assistant Professor, Department of Computer Science and Engineering (Cyber Security), United Institute of Technology, Coimbatore, Tamil Nadu, India.
Published Online: May-August 2026
Pages: 137-144
https://www.doi.org/10.59256/indjcst.20260502015