Information Prediction using Knowledge Graphs for Contextual Malware
Threat Intelligence
- URL: http://arxiv.org/abs/2102.05571v1
- Date: Wed, 10 Feb 2021 17:08:09 GMT
- Title: Information Prediction using Knowledge Graphs for Contextual Malware
Threat Intelligence
- Authors: Nidhi Rastogi, Sharmishtha Dutta, Ryan Christian, Mohammad Zaki, Alex
Gittens, Charu Aggarwal
- Abstract summary: This paper proposes an end-to-end approach to generate a Malware Knowledge Graph called MalKG.
MalKG is the first open-source automated knowledge graph for malware threat intelligence.
For ground truth, we manually curate a knowledge graph called MT3K, with 3,027 triples generated from 5,741 unique entities and 22 relations.
- Score: 5.757836174655293
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: Large amounts of threat intelligence information about malware attacks are
available in disparate, typically unstructured, formats. Knowledge graphs can
capture this information and its context using RDF triples represented by
entities and relations. Sparse or inaccurate threat information, however, leads
to challenges such as incomplete or erroneous triples. Named entity recognition
(NER) and relation extraction (RE) models used to populate the knowledge graph
cannot fully guarantee accurate information retrieval, further exacerbating
this problem. This paper proposes an end-to-end approach to generate a Malware
Knowledge Graph called MalKG, the first open-source automated knowledge graph
for malware threat intelligence. MalKG dataset called MT40K contains
approximately 40,000 triples generated from 27,354 unique entities and 34
relations. We demonstrate the application of MalKG in predicting missing malware
threat intelligence information in the knowledge graph. For ground truth, we
manually curate a knowledge graph called MT3K, with 3,027 triples generated
from 5,741 unique entities and 22 relations. For entity prediction via a
state-of-the-art entity prediction model (TuckER), our approach achieves 80.4
for the hits@10 metric (predicts the top 10 options for missing entities in the
knowledge graph), and 0.75 for the MRR (mean reciprocal rank). We also propose
a framework to automate the extraction of thousands of entities and relations
into RDF triples, both manually and automatically, at the sentence level
from 1,100 malware threat intelligence reports and from the common
vulnerabilities and exposures (CVE) database.
Related papers
- MultiKG: Multi-Source Threat Intelligence Aggregation for High-Quality Knowledge Graph Representation of Attack Techniques [7.4166591335540595]
We propose MultiKG, a fully automated framework that integrates multiple threat knowledge sources.
We implemented MultiKG and evaluated it using 1,015 real attack techniques and 9,006 attack intelligence entries from CTI reports.
Results show that MultiKG effectively extracts attack knowledge graphs from diverse sources and aggregates them into accurate, comprehensive representations.
arXiv Detail & Related papers (2024-11-13T06:15:48Z)
- KGV: Integrating Large Language Models with Knowledge Graphs for Cyber Threat Intelligence Credibility Assessment [38.312774244521]
We propose a knowledge graph-based verifier for Cyber Threat Intelligence (CTI) quality assessment framework.
Our approach introduces Large Language Models (LLMs) to automatically extract OSCTI key claims to be verified.
To fill the gap in the research field, we created and made public the first dataset for threat intelligence assessment from heterogeneous sources.
arXiv Detail & Related papers (2024-08-15T11:32:46Z)
- KERMIT: Knowledge Graph Completion of Enhanced Relation Modeling with Inverse Transformation [19.31783654838732]
We use large language models to generate coherent descriptions, bridging the semantic gap between queries and answers.
We also utilize inverse relations to create a symmetric graph, thereby providing augmented training samples for KGC.
Our approach achieves a 4.2% improvement in Hit@1 on WN18RR and a 3.4% improvement in Hit@3 on FB15k-237, demonstrating superior performance.
arXiv Detail & Related papers (2023-09-26T09:03:25Z)
- Normalizing Flow-based Neural Process for Few-Shot Knowledge Graph Completion [69.55700751102376]
Few-shot knowledge graph completion (FKGC) aims to predict missing facts for unseen relations with few-shot associated facts.
Existing FKGC methods are based on metric learning or meta-learning, which often suffer from the out-of-distribution and overfitting problems.
In this paper, we propose a normalizing flow-based neural process for few-shot knowledge graph completion (NP-FKGC)
arXiv Detail & Related papers (2023-04-17T11:42:28Z)
- Dynamic Graph Enhanced Contrastive Learning for Chest X-ray Report Generation [92.73584302508907]
We propose a knowledge graph with Dynamic structure and nodes to facilitate medical report generation with Contrastive Learning.
In detail, the fundamental structure of our graph is pre-constructed from general knowledge.
Each image feature is integrated with its very own updated graph before being fed into the decoder module for report generation.
arXiv Detail & Related papers (2023-03-18T03:53:43Z)
- Ontology-driven Knowledge Graph for Android Malware [1.4856472820492366]
MalONT2.0 allows researchers to extensively capture classes and relations that gather semantic and syntactic characteristics of an android malware attack.
Malware features have been extracted from CTI reports on android threat intelligence shared on the Internet and written in the form of unstructured text.
The smallest unit of information that captures malware features is written as triples comprising head and tail entities, each connected with a relation.
arXiv Detail & Related papers (2021-09-03T14:12:07Z)
- Learning Intents behind Interactions with Knowledge Graph for Recommendation [93.08709357435991]
Knowledge graph (KG) plays an increasingly important role in recommender systems.
Existing GNN-based models fail to identify user-item relation at a fine-grained level of intents.
We propose a new model, Knowledge Graph-based Intent Network (KGIN)
arXiv Detail & Related papers (2021-02-14T03:21:36Z)
- Type-augmented Relation Prediction in Knowledge Graphs [65.88395564516115]
We propose a type-augmented relation prediction (TaRP) method, where we apply both the type information and instance-level information for relation prediction.
Our proposed TaRP method achieves significantly better performance than state-of-the-art methods on four benchmark datasets.
arXiv Detail & Related papers (2020-09-16T21:14:18Z)
- MALOnt: An Ontology for Malware Threat Intelligence [19.57441168490977]
Malware threat intelligence uncovers deep information about malware, threat actors, and their tactics.
MALOnt allows structured extraction of information and knowledge graph generation.
arXiv Detail & Related papers (2020-06-20T00:25:07Z)
- Stealing Links from Graph Neural Networks [72.85344230133248]
Recently, neural networks were extended to graph data, which are known as graph neural networks (GNNs)
Due to their superior performance, GNNs have many applications, such as healthcare analytics, recommender systems, and fraud detection.
We propose the first attacks to steal a graph from the outputs of a GNN model that is trained on the graph.
arXiv Detail & Related papers (2020-05-05T13:22:35Z)
- ENT-DESC: Entity Description Generation by Exploring Knowledge Graph [53.03778194567752]
In practice, the input knowledge could be more than enough, since the output description may only cover the most significant knowledge.
We introduce a large-scale and challenging dataset to facilitate the study of such a practical scenario in KG-to-text.
We propose a multi-graph structure that is able to represent the original graph information more comprehensively.
arXiv Detail & Related papers (2020-04-30T14:16:19Z)
This list is automatically generated from the titles and abstracts of the papers in this site.