MITRE CAPEC™
This section details MITRE Common Attack Pattern Enumeration and Classification (MITRE CAPEC™). [1]
Summary
MITRE CAPEC™ is a comprehensive catalogue of known attack patterns employed by adversaries to exploit known weaknesses. Attack patterns describe the common mechanisms, approaches, and methods adversaries use to compromise a system.
Relationships
Attack patterns are organized hierarchically. Views and Categories sit at the top, grouping patterns that share a characteristic (for example a mechanism or a domain of attack); they are organisational containers rather than attack patterns themselves. The patterns proper exist at three abstraction levels: Meta patterns describe a high-level mechanism, Standard patterns refine that mechanism into a specific technique, and Detailed patterns describe a particular execution of that technique against a particular technology.
Anatomy of an Attack Pattern
When examining a specific attack pattern (such as CAPEC-151: Identity Spoofing), the framework provides a highly structured breakdown of the adversary’s approach. Key sections typically include:
- Description: A summary of the attack mechanism and its objectives (often accompanied by an Extended Description for additional context).
- Likelihood Of Attack: An estimate of how likely the attack is to occur, expressed on a High / Medium / Low scale.
- Typical Severity: The typical impact of a successful attack, expressed on a scale from Very High to Very Low.
- Relationships: How the pattern connects to other CAPEC patterns (e.g., ParentOf, ChildOf, PeerOf, CanPrecede, CanFollow).
- Prerequisites: The environmental conditions that must exist.
- Resources Required: Specific resources required by the attacker.
- Consequences: The resulting impact on system properties such as Confidentiality, Integrity, and Access Control.
- Mitigations: Actionable security controls and defensive strategies to neutralize the attack.
- Related Weaknesses: Direct mappings to the underlying MITRE CWE™ flaws that the pattern targets.
Mapping to SCF C|P-RMM
To map MITRE CAPEC™ onto the SCF C|P-RMM framework, align each attack pattern (the method an adversary uses) with the control deficiency it exploits and the controls that close that deficiency.
1. Attack Patterns Vs Threats
In SCF C|P-RMM, Risk materializes when a Threat successfully exploits a Vulnerability (a control deficiency).
MITRE CAPEC™ catalogs precisely how that exploitation occurs: an Attack Pattern describes the process a Threat actor uses to exploit a specific Vulnerability, and the pattern’s Related Weaknesses tie that Vulnerability to the underlying MITRE CWE™ entries.
2. Mitigations Vs Controls
Just as SCF C|P-RMM relies on Controls to mitigate Vulnerabilities, each CAPEC Attack Pattern provides specific, actionable Mitigations. In practice, each Mitigation is mapped to one or more controls in the organisation’s SCF control set; a pattern whose Related Weaknesses or Mitigations have no corresponding control is a gap in the risk register, not a zero-risk item.
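The following Python script is an added example that is not code from MITRE, the SCF, or the original page. It parses a CAPEC-style XML entry into the sections listed under Anatomy of an Attack Pattern above, then joins the result into the Threat, Vulnerability and Control chain described in this mapping section. The sample XML is constructed for the example; its namespace, element and attribute names are assumed to follow the layout of the CAPEC 3.x XML export, and the text, relationship IDs and severity values are illustrative placeholders. The control catalogue and its control names are hypothetical.

```python
"""Parse a CAPEC-style XML entry into the sections listed above and express it
as the SCF C|P-RMM chain: threat -> vulnerability (CWE) -> controls.
Added example; not code from MITRE or the SCF."""
import xml.etree.ElementTree as ET

# Assumption: namespace, element and attribute names follow the CAPEC 3.x XML export.
NS = {"c": "http://capec.mitre.org/capec-3"}

# Constructed sample mirroring one <Attack_Pattern> entry; text and IDs are
# illustrative placeholders, not copied from the catalogue.
SAMPLE_XML = """<Attack_Pattern_Catalog xmlns="http://capec.mitre.org/capec-3" Version="3.9">
<Attack_Patterns>
<Attack_Pattern ID="151" Name="Identity Spoofing" Abstraction="Meta" Status="Stable">
<Description>An adversary assumes the identity of another entity.</Description>
<Likelihood_Of_Attack>Medium</Likelihood_Of_Attack>
<Typical_Severity>Medium</Typical_Severity>
<Related_Attack_Patterns>
<Related_Attack_Pattern Nature="ChildOf" CAPEC_ID="156"/>
<Related_Attack_Pattern Nature="ParentOf" CAPEC_ID="194"/>
</Related_Attack_Patterns>
<Prerequisites>
<Prerequisite>The target does not reliably verify who it is talking to.</Prerequisite>
</Prerequisites>
<Consequences>
<Consequence><Scope>Access Control</Scope><Scope>Authorization</Scope>
<Impact>Gain Privileges</Impact></Consequence>
</Consequences>
<Mitigations><Mitigation>Employ robust authentication of all parties.</Mitigation></Mitigations>
<Related_Weaknesses><Related_Weakness CWE_ID="287"/></Related_Weaknesses>
</Attack_Pattern>
</Attack_Patterns>
</Attack_Pattern_Catalog>"""

def _text(elem, path):
    """Stripped text of the first child matching path, or '' when absent."""
    node = elem.find(path, NS)
    return (node.text or "").strip() if node is not None else ""

def _texts(elem, path):
    """Stripped text of every child matching path."""
    return [(n.text or "").strip() for n in elem.iterfind(path, NS)]

def parse_attack_patterns(xml_text):
    """Return {CAPEC ID: dict of the sections described under Anatomy of an Attack Pattern}."""
    patterns = {}
    for ap in ET.fromstring(xml_text).iterfind(".//c:Attack_Pattern", NS):
        pid = int(ap.get("ID"))
        patterns[pid] = {
            "id": pid,
            "name": ap.get("Name"),
            "abstraction": ap.get("Abstraction"),   # Meta, Standard or Detailed
            "description": _text(ap, "c:Description"),
            "likelihood": _text(ap, "c:Likelihood_Of_Attack"),
            "severity": _text(ap, "c:Typical_Severity"),
            "relationships": [(r.get("Nature"), int(r.get("CAPEC_ID")))
                              for r in ap.iterfind("c:Related_Attack_Patterns/c:Related_Attack_Pattern", NS)],
            "prerequisites": _texts(ap, "c:Prerequisites/c:Prerequisite"),
            "consequences": [(_texts(cq, "c:Scope"), _texts(cq, "c:Impact"))
                             for cq in ap.iterfind("c:Consequences/c:Consequence", NS)],
            "mitigations": _texts(ap, "c:Mitigations/c:Mitigation"),
            "cwe_ids": [int(w.get("CWE_ID"))
                        for w in ap.iterfind("c:Related_Weaknesses/c:Related_Weakness", NS)],
        }
    return patterns

# Hypothetical control catalogue keyed by CWE ID. Real entries would come from the
# organisation's SCF control set; these names are placeholders for the example.
CONTROL_CATALOGUE = {287: ["ctrl-auth-01: authenticate all users and services",
                           "ctrl-auth-02: enforce multi-factor authentication"]}

def risk_chain(pattern, control_catalogue):
    """Express a pattern in SCF terms: the Threat is the pattern, the Vulnerabilities are
    the CWEs it targets (control deficiencies), and the Controls are whatever the
    catalogue maps to those CWEs, listed alongside CAPEC's own Mitigations."""
    cwes = pattern["cwe_ids"]
    return {
        "threat": f"CAPEC-{pattern['id']} {pattern['name']}",
        "vulnerabilities": [f"CWE-{c}" for c in cwes],
        "controls": sorted({ctl for c in cwes for ctl in control_catalogue.get(c, [])}),
        "capec_mitigations": pattern["mitigations"],
        # A targeted CWE with no mapped control is a register gap, not a zero-risk item.
        "unmapped_cwes": [f"CWE-{c}" for c in cwes if c not in control_catalogue],
    }

if __name__ == "__main__":
    p = parse_attack_patterns(SAMPLE_XML)[151]
    print(p["name"], p["abstraction"], p["likelihood"], p["severity"], p["relationships"])
    print(risk_chain(p, CONTROL_CATALOGUE))
```

Pointing the parser at the full CAPEC XML download instead of the constructed sample yields every pattern keyed by ID, and the relationships list can then be walked from a Meta pattern down to its Detailed children. The unmapped_cwes field is the part worth reporting on: it lists the weaknesses a pattern targets for which the control set has nothing, which is exactly where the SCF Vulnerability (control deficiency) lies.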
Critique
Like most MITRE frameworks, MITRE CAPEC™ was developed primarily with traditional enterprise software, web applications, and network infrastructure in mind. While it accurately captures broad concepts such as “Injection” or “Data Manipulation,” it often lacks the depth needed to natively model nuanced GenAI and Large Language Model (LLM) vectors, such as semantic prompt injection or model jailbreaking. Consequently, while CAPEC remains an excellent conceptual resource for understanding fundamental attack mechanics, securing modern agentic applications requires using it alongside GenAI-focused frameworks such as MITRE ATLAS™ and the OWASP Top 10 for Large Language Model Applications.