Knowledge Enrichment by Fusing Representations for Malware Threat Intelligence and Behavior

Aritran Piplai; Sudip Mittal; Mahmoud Abdelsalam; Maanak Gupta; Anupam Joshi; Tim Finin

IEEE Intelligence and Security Informatics (ISI) 2020

Knowledge Enrichment by Fusing Representations for Malware Threat Intelligence and Behavior

Aritran Piplai, Sudip Mittal, Mahmoud Abdelsalam, Maanak Gupta, Anupam Joshi, and Tim Finin

November 15, 2020

Security engineers and researchers use their disparate knowledge and discretion to identify malware present in a system. Sometimes, they may also use previously extracted knowledge and available Cyber Threat Intelligence (CTI), about known attacks to establish a pattern. To aid in this process, they need knowledge about malware behavior mapped to the available CTI. Such mappings enrich our CKG and also helps in the verification of the information. In this paper, we retrieve malware samples and execute them in a local system. The tracked malware behavior is represented in our Cybersecurity Knowledge Graph (CKG), so that a security professional can reason with behavioral information present in the knowledge graph, draw parallels with that information. We also merge the behavioral information with knowledge extracted from CTI sources like technical reports and blogs about the same malware so that we can significantly improve the reasoning capabilities of our CKG.

433114 bytes

BibTeX OWL Tweet Scholar

Type: InProceedings

Downloads: 495 downloads