Identifying ATT&CK Tactics in Android Malware Control Flow Graph through Graph Representation Learning and Interpretability (Student Abstract)
Document Type
Conference Proceeding
Publication Date
6-30-2022
Abstract
To mitigate a malware threat, it is important to understand the malware's behavior. The MITRE ATT&CK ontology specifies an enumeration of tactics, techniques, and procedures (TTP) that characterize malware. However, absent are automated procedures that would characterize, given the malware executable, which part of the execution flow is connected with a specific TTP. This paper provides an automation methodology to locate TTP in a sub-part of the control flow graph that describes the execution flow of a malware executable. This methodology merges graph representation learning and tools for machine learning explanation.
Identifier
85147602946 (Scopus)
ISBN
[1577358767, 9781577358763]
Publication Title
Proceedings of the 36th AAAI Conference on Artificial Intelligence, AAAI 2022
External Full Text Location
https://doi.org/10.1609/aaai.v36i11.21607
First Page
12941
Last Page
12942
Volume
36
Grant
22-001
Fund Ref
National Science Foundation
Recommended Citation
Fairbanks, Jeffrey; Orbe, Andres; Patterson, Christine; Serra, Edoardo; and Scheepers, Marion, "Identifying ATT&CK Tactics in Android Malware Control Flow Graph through Graph Representation Learning and Interpretability (Student Abstract)" (2022). Faculty Publications. 2872.
https://digitalcommons.njit.edu/fac_pubs/2872