MITRE-CAPE-2026: A Novel Dataset for Cyber Attackers Profiling Enhancement
- 2026 ICEENG International Conference for Innovations in Intelligent Computing and Cybersecurity (IICC) : 1-6
Résumé
Experimental cybersecurity research has traditionally relied on using datasets to train intrusion detection systems (IDS). However, current solutions suffer from outdated reference data and an event-centric approach limited to binary traffic classification or attack type identification. This article argues that threat anticipation requires a paradigm shift toward attacker profiling. Following a critical review of existing cybersecurity datasets, we introduce a novel dataset for Cyber Attackers Profiling Enhancement (MITRE-CAPE-2026), an dataset constructed from the execution of attack scenarios derived from the Atomic Red Team platform on a T-Pot–based deceptive infrastructure. The collected data were subsequently labeled according to the MITRE ATT&CK framework. The resulting dataset comprises 1,918 attack scenarios collected across Linux, Windows, macOS, and cloud environments, covering 329 MITRE ATT&CK techniques and tactics. Unlike existing datasets, MITRE-CAPE-2026 incorporates explicit behavioral labeling into nine attacker profiles: CyberExplorer, CyberExpert, CyberAPT, Cybercriminal, CyberAutomated, CyberOpportunist, CyberDestroyer, CyberSpy and CyberInsider.
Mots-clés
Cybersecurity , Dataset , Attacker Profiling , BERT Model