Comparative Analysis of the Effectiveness of MITRE D3FEND and CIS Controls Frameworks in Mitigating LockBit 3.0 TTP Attacks

Santoso, Syahbagus Radithya Haryo (2026) Comparative Analysis of the Effectiveness of MITRE D3FEND and CIS Controls Frameworks in Mitigating LockBit 3.0 TTP Attacks. Undergraduate thesis, UPN Veteran Jawa Timur.

Text (Cover): 22081010255.-cover.pdf (4MB)
Text (Chapter 1): 22081010255.-bab1.pdf (90kB)
Text (Chapter 2): 22081010255.-bab2.pdf (750kB). Restricted to Repository staff only until 22 June 2028.
Text (Chapter 3): 22081010255.-bab3.pdf (380kB). Restricted to Repository staff only until 22 June 2028.
Text (Chapter 4): 22081010255.-bab4.pdf (2MB). Restricted to Repository staff only until 22 June 2028.
Text (Chapter 5): 22081010255.-bab5.pdf (60kB)
Text (Bibliography): 22081010255.-daftarpustaka.pdf (126kB)
Text (Appendix): 22081010255.-lampiran.pdf (708kB). Restricted to Repository staff only until 22 June 2028.

Abstract

Ransomware remains one of the most critical threats to organizational data integrity, with LockBit 3.0 emerging as a highly sophisticated variant utilizing complex Tactics, Techniques, and Procedures (TTPs). This study evaluates and compares the defensive effectiveness of two prominent cybersecurity frameworks, MITRE D3FEND and CIS Controls, in mitigating LockBit 3.0 attacks. Using a quantitative experimental methodology, the research was conducted within a controlled virtual environment consisting of a Windows 11 target and a Kali Linux attacker. The attack scenario encompassed four critical stages: Credential Access (T1003.002), Lateral Movement (T1021.002), Defense Evasion (T1562.001), and Data Encryption Impact (T1486). The experimental results demonstrated that the baseline system without security implementations was entirely vulnerable (0% effectiveness). Implementing the MITRE D3FEND framework achieved an effectiveness score of 75%, successfully mitigating Lateral Movement, Defense Evasion, and Impact, but failing to prevent Credential Access due to its reliance on passive detection (D3-FA). In contrast, the CIS Controls framework achieved a perfect effectiveness score of 100% by successfully neutralizing the attack at the initial stage through strict access control (CIS Control 5.4). This study concludes that while MITRE D3FEND provides granular defensive mapping, CIS Controls offers a more robust and proactive defense-in-depth strategy against ransomware-based TTPs.

Item Type: Thesis (Undergraduate)
Contributors:
Contribution | Contributors | NIDN/NIDK | Email
Thesis advisor | Wahanani, Henni Endah | NIDN0022097811 | henniendah.if@upnjatim.ac.id
Thesis advisor | Junaidi, Achmad | NIDN0710117803 | achmadjunaidi.if@upnjatim.ac.id
Subjects: Q Science > QA Mathematics > QA76.9 .A25 Computer Security
T Technology > TK Electrical engineering. Electronics Nuclear engineering > TK5105 Computer Network
Divisions: Faculty of Computer Science > Department of Informatics
Depositing User: Syahbagus Radithya Haryo Santoso
Date Deposited: 23 Jun 2026 06:15
Last Modified: 23 Jun 2026 06:15
URI: https://repository.upnjatim.ac.id/id/eprint/54117
