Ontology-driven Knowledge Graph for Android Malware
- URL: http://arxiv.org/abs/2109.01544v1
- Date: Fri, 3 Sep 2021 14:12:07 GMT
- Title: Ontology-driven Knowledge Graph for Android Malware
- Authors: Ryan Christian, Sharmishtha Dutta, Youngja Park, Nidhi Rastogi
- Abstract summary: MalONT2.0 allows researchers to extensively capture classes and relations that gather semantic and syntactic characteristics of an Android malware attack. Malware features have been extracted from CTI reports on Android threat intelligence shared on the Internet and written in the form of unstructured text. The smallest unit of information that captures malware features is written as triples comprising head and tail entities, each connected by a relation.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: We present MalONT2.0, an ontology for malware threat intelligence \cite{rastogi2020malont}. New classes (attack patterns, infrastructural resources to enable attacks, malware analysis to incorporate static analysis, and dynamic analysis of binaries) and relations have been added following a broadened scope of core competency questions. MalONT2.0 allows researchers to extensively capture all requisite classes and relations that gather semantic and syntactic characteristics of an Android malware attack. This ontology forms the basis for the malware threat intelligence knowledge graph, MalKG, which we exemplify using three different, non-overlapping demonstrations. Malware features have been extracted from CTI reports on Android threat intelligence shared on the Internet and written in the form of unstructured text. Some of these sources are blogs, threat intelligence reports, tweets, and news articles. The smallest unit of information that captures malware features is written as triples comprising head and tail entities, each connected by a relation. In the poster and demonstration, we discuss MalONT2.0, MalKG, as well as the dynamically growing knowledge graph, TINKER.
Related papers
- Exploring Large Language Models for Semantic Analysis and Categorization of Android Malware (arXiv, 2025-01-08)
  msp is designed to augment malware analysis for Android through a hierarchical-tiered summarization chain and strategic prompt engineering. msp can achieve up to 77% classification accuracy while providing highly robust summaries at functional, class, and package levels.
- MASKDROID: Robust Android Malware Detection with Masked Graph Representations (arXiv, 2024-09-29)
  We propose MASKDROID, a powerful detector with a strong discriminative ability to identify malware. We introduce a masking mechanism into the Graph Neural Network based framework, forcing MASKDROID to recover the whole input graph. This strategy enables the model to understand the malicious semantics and learn more stable representations, enhancing its robustness against adversarial attacks.
- EMBERSim: A Large-Scale Databank for Boosting Similarity Search in Malware Analysis (arXiv, 2023-10-03)
  In recent years there has been a shift from quantifications-based malware detection towards machine learning. We propose to address the deficiencies in the space of similarity research on binary files, starting from EMBER. We enhance EMBER with similarity information as well as malware class tags, to enable further research in the similarity space.
- GreaseLM: Graph REASoning Enhanced Language Models for Question Answering (arXiv, 2022-01-21)
  GreaseLM is a new model that fuses encoded representations from pretrained LMs and graph neural networks over multiple layers of modality interaction operations. We show that GreaseLM can more reliably answer questions that require reasoning over both situational constraints and structured knowledge, even outperforming models 8x larger.
- Using Static and Dynamic Malware Features to Perform Malware Ascription (arXiv, 2021-12-05)
  We employ various static and dynamic features of malicious executables to classify malware based on their family. We leverage Cuckoo Sandbox and machine learning to make progress in this research.
- A Novel Malware Detection Mechanism Based on Features Extracted from Converted Malware Binary Images (arXiv, 2021-04-14)
  We use malware binary images, extract different features from them, and then employ different ML classifiers on the dataset thus obtained. We show that this technique is successful in differentiating classes of malware based on the features extracted.
- Information Prediction using Knowledge Graphs for Contextual Malware Threat Intelligence (arXiv, 2021-02-10)
  This paper proposes an end-to-end approach to generate a Malware Knowledge Graph called MalKG. MalKG is the first open-source automated knowledge graph for malware threat intelligence. For ground truth, we manually curate a knowledge graph called MT3K, with 3,027 triples generated from 5,741 unique entities and 22 relations.
- Being Single Has Benefits. Instance Poisoning to Deceive Malware Classifiers (arXiv, 2020-10-30)
  We show how an attacker can launch a sophisticated and efficient poisoning attack targeting the dataset used to train a malware classifier. As opposed to other poisoning attacks in the malware detection domain, our attack does not focus on malware families but rather on specific malware instances that contain an implanted trigger. We propose a comprehensive detection approach that could serve as a future sophisticated defense against this newly discovered severe threat.
- InfoBERT: Improving Robustness of Language Models from an Information Theoretic Perspective (arXiv, 2020-10-05)
  Large-scale language models such as BERT have achieved state-of-the-art performance across a wide range of NLP tasks. Recent studies show that such BERT-based models are vulnerable to textual adversarial attacks. We propose InfoBERT, a novel learning framework for robust fine-tuning of pre-trained language models.
- MALOnt: An Ontology for Malware Threat Intelligence (arXiv, 2020-06-20)
  Malware threat intelligence uncovers deep information about malware, threat actors, and their tactics. MALOnt allows structured extraction of information and knowledge graph generation.
- Stealing Links from Graph Neural Networks (arXiv, 2020-05-05)
  Recently, neural networks were extended to graph data, which are known as graph neural networks (GNNs). Due to their superior performance, GNNs have many applications, such as healthcare analytics, recommender systems, and fraud detection. We propose the first attacks to steal a graph from the outputs of a GNN model that is trained on the graph.
This list is automatically generated from the titles and abstracts of the papers in this site.