Identifying ATT&CK Tactics in Android Malware Control Flow Graph Through Graph Representation Learning and Interpretability
Document Type
Conference Proceeding
Publication Date
1-1-2021
Abstract
To mitigate a malware threat it is important to understand the malware's behavior. The MITRE ATT&CK ontology specifies an enumeration of tactics, techniques, and procedures (TTP) that characterize malware. However, absent are automated procedures that would characterize, given the malware executable, which part of the execution flow is connected with a specific TTP. This paper is the first in providing an automation methodology to locate TTP in a sub-part of the control flow graph that describes the execution flow of a malware executable. This methodology merges graph representation learning and tools for machine learning explanation.
Identifier
85125360808 (Scopus)
ISBN
[9781665439022]
Publication Title
Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021
External Full Text Location
https://doi.org/10.1109/BigData52589.2021.9671343
First Page
5602
Last Page
5608
Grant
22-001
Fund Ref
National Science Foundation
Recommended Citation
Fairbanks, Jeffrey; Orbe, Andres; Patterson, Christine; Layne, Janet; Serra, Edoardo; and Scheepers, Marion, "Identifying ATT&CK Tactics in Android Malware Control Flow Graph Through Graph Representation Learning and Interpretability" (2021). Faculty Publications. 4652.
https://digitalcommons.njit.edu/fac_pubs/4652