Cybersecurity Risk Stratification Framework Using Multilevel Clustering: An Automated Threat Attribution and Categorization Approach for Cross-industry Cybersecurity
Temilade Oluwatoyin Adesokan-Imran*
University of Ibadan, Oduduwa Road, 200132, Ibadan, Oyo, Nigeria.
Anuoluwapo Deborah Popoola
Heriot-Watt University, Edinburgh EH14 4AS, UK.
Faith Hauwa Oluwapamilerin Kolo
Fairleigh Dickinson University, 1000 River Road, Teaneck, NJ 07666, United States.
Valerie Ojinika Ejiofor
University of Tampa, 401 W Kennedy Blvd, Tampa, FL 33606, United States of America.
Isaac Adinoyi Salami
University of Tampa, 12911 Firth Ct., Tampa, FL 33612, United States of America.
*Author to whom correspondence should be addressed.
Abstract
This study introduces a novel Multilevel Clustering Framework designed for automated threat attribution and categorization across various industries using a comprehensive dataset from the MITRE ATT&CK repository. The methodology integrates K-means Clustering, Hierarchical Clustering, and Fuzzy C-means to address key limitations of traditional models, including inadequate adaptability, scalability, and robustness to noise. By employing a three-stage clustering process, the framework ensures improved detection accuracy, robustness against noise, and cross-industry applicability. The concept of Generalized Attack Patterns refers to commonly occurring attack vectors and techniques that transcend specific industries, allowing for a unified approach to threat detection. Unlike traditional clustering models that are constrained by sector-specific characteristics, the proposed framework effectively identifies and categorizes both industry-specific and generalized threats with high accuracy. Quantitative evaluation across healthcare, finance, telecommunications, manufacturing, and critical infrastructure demonstrates the framework’s effectiveness, achieving a Classification Accuracy of 0.90, Robustness to Noise of 0.83, Adaptability Index of 0.87, and Cross-Industry Applicability of 0.85. However, the Telecommunications sector showed comparatively lower performance, with a Jaccard Index of 0.74, indicating challenges in clustering highly dynamic datasets. Recommendations include implementing customized pre-processing techniques for telecommunications, incorporating hybrid models in finance, refining algorithms for critical infrastructure, and integrating real-time data for cross-industry applications.
Keywords: Multilevel clustering, MITRE ATT&CK, threat attribution, cross-industry applicability, cybersecurity framework