Table 1. Comparative analysis of existing adversary emulation frameworks.
| Study | Methodological Focus | Integration of MITRE ATT&CK | Relevance to AD | Technique Prioritization | Emulation Fidelity |
|---|---|---|---|---|---|
| | Network interaction simulation | None | Low | Not applicable | Abstracted (session-based) |
| | Attack documentation/replication | Explicit mapping to TTPs | Conditional | Not applicable | Medium |
| | Automated post-compromise emulation | Full ATT&CK TTP library | High | Implicit via goal planning | High |
| | Endpoint defense evaluation under stealth constraints | ATT&CK-aligned TTP execution | High | Implicit by evasion logic | High |
| | Evasion-focused low-level emulation | Direct TTP injection | Moderate | Not applicable | High |
| | Objective-driven multi-path attack planning | Derived from ATT&CK objectives | Moderate | Implicit (goal-to-TTP compilation) | Medium |