Knowledge Enrichment by Fusing Representations for Malware Threat Intelligence and Behavior
October 1, 2020
Security engineers and researchers use their disparate knowledge and discretion to identify malware present in a system. Sometimes, they may also use previously extracted knowledge and available Cyber Threat Intelligence (CTI), about known attacks to establish a pattern. To aid in this process, they need knowledge about malware behavior mapped to the available CTI. Such mappings enrich our CKG and also helps in the verification of the information. In this paper, we retrieve malware samples and execute them in a local system. The tracked malware behavior is represented in our Cybersecurity Knowledge Graph (CKG), so that a security professional can reason with behavioral information present in the knowledge graph, draw parallels with that information. We also merge the behavioral information with knowledge extracted from CTI sources like technical reports and blogs about the same malware so that we can significantly improve the reasoning capabilities of our CKG.
Downloads: 66 downloads