Open Access

ARTICLE

MITRE ATT&CK-Driven Threat Analysis for Edge-IoT Environment and a Quantitative Risk Scoring Model

Tae-hyeon Yun¹, Moohong Min^2,*

1 Department of Computer Education, Sungkyunkwan University, Seoul, 03063, Republic of Korea
2 Department of Computer Education/Social Innovation Convergence Program, Sungkyunkwan University, Seoul, 03063, Republic of Korea

* Corresponding Author: Moohong Min. Email:

(This article belongs to the Special Issue: Cutting-Edge Security and Privacy Solutions for Next-Generation Intelligent Mobile Internet Technologies and Applications)

Computer Modeling in Engineering & Sciences 2025, 145(2), 2707-2731. https://doi.org/10.32604/cmes.2025.072357

Received 25 August 2025; Accepted 27 October 2025; Issue published 26 November 2025

Abstract

The dynamic, heterogeneous nature of Edge computing in the Internet of Things (Edge-IoT) and Industrial IoT (IIoT) networks brings unique and evolving cybersecurity challenges. This study maps cyber threats in Edge-IoT/IIoT environments to the Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework by MITRE and introduces a lightweight, data-driven scoring model that enables rapid identification and prioritization of attacks. Inspired by the Factor Analysis of Information Risk model, our proposed scoring model integrates four key metrics: Common Vulnerability Scoring System (CVSS)-based severity scoring, Cyber Kill Chain–based difficulty estimation, Deep Neural Networks-driven detection scoring, and frequency analysis based on dataset prevalence. By aggregating these indicators, the model generates comprehensive risk profiles, facilitating actionable prioritization of threats. Robustness and stability of the scoring model are validated through non-parametric correlation analysis using Spearman’s and Kendall’s rank correlation coefficients, demonstrating consistent performance across diverse scenarios. The approach culminates in a prioritized attack ranking that provides actionable guidance for risk mitigation and resource allocation in Edge-IoT/IIoT security operations. By leveraging real-world data to align MITRE ATT&CK techniques with CVSS metrics, the framework offers a standardized and practically applicable solution for consistent threat assessment in operational settings. The proposed lightweight scoring model delivers rapid and reliable results under dynamic cyber conditions, facilitating timely identification of attack scenarios and prioritization of response strategies. Our systematic integration of established taxonomies with data-driven indicators strengthens practical risk management and supports strategic planning in next-generation IoT deployments. Ultimately, this work advances adaptive threat modeling for Edge/IIoT ecosystems and establishes a robust foundation for evidence-based prioritization in emerging cyber-physical infrastructures.

---

Keywords

---