Identifying ATT&CK Tactics in Android Malware Control Flow Graph through Graph Representation Learning and Interpretability (Student Abstract)

Jeffrey Fairbanks; Andres Orbe; Christine Patterson; Edoardo Serra; Marion Scheepers

Identifying ATT&CK Tactics in Android Malware Control Flow Graph through Graph Representation Learning and Interpretability (Student Abstract)

Jeffrey Fairbanks, Andres Orbe, Christine Patterson, Edoardo Serra, Marion Scheepers

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

2 Scopus citations

Abstract

To mitigate a malware threat it is important to understand the malware's behavior. The MITRE ATT&ACK ontology specifies an enumeration of tactics, techniques, and procedures (TTP) that characterize malware. However, absent are automated procedures that would characterize, given the malware executable, which part of the execution flow is connected with a specific TTP. This paper provides an automation methodology to locate TTP in a sub-part of the control flow graph that describes the execution flow of a malware executable. This methodology merges graph representation learning and tools for machine learning explanation.

Original language	English
Title of host publication	IAAI-22, EAAI-22, AAAI-22 Special Programs and Special Track, Student Papers and Demonstrations
Pages	12941-12942
Number of pages	2
ISBN (Electronic)	1577358767, 9781577358763
State	Published - 30 Jun 2022
Event	36th AAAI Conference on Artificial Intelligence, AAAI 2022 - Virtual, Online Duration: 22 Feb 2022 → 1 Mar 2022

Publication series

Name	Proceedings of the 36th AAAI Conference on Artificial Intelligence, AAAI 2022
Volume	36

Conference

Conference	36th AAAI Conference on Artificial Intelligence, AAAI 2022
City	Virtual, Online
Period	22/02/22 → 1/03/22

Cite this

Fairbanks, J., Orbe, A., Patterson, C., Serra, E., & Scheepers, M. (2022). Identifying ATT&CK Tactics in Android Malware Control Flow Graph through Graph Representation Learning and Interpretability (Student Abstract). In IAAI-22, EAAI-22, AAAI-22 Special Programs and Special Track, Student Papers and Demonstrations (pp. 12941-12942). (Proceedings of the 36th AAAI Conference on Artificial Intelligence, AAAI 2022; Vol. 36).

Fairbanks, Jeffrey ; Orbe, Andres ; Patterson, Christine et al. / Identifying ATT&CK Tactics in Android Malware Control Flow Graph through Graph Representation Learning and Interpretability (Student Abstract). IAAI-22, EAAI-22, AAAI-22 Special Programs and Special Track, Student Papers and Demonstrations. 2022. pp. 12941-12942 (Proceedings of the 36th AAAI Conference on Artificial Intelligence, AAAI 2022).

@inproceedings{894fa03c4a41455cb6f70b0cce2e23e2,

title = "Identifying ATT&CK Tactics in Android Malware Control Flow Graph through Graph Representation Learning and Interpretability (Student Abstract)",

abstract = "To mitigate a malware threat it is important to understand the malware's behavior. The MITRE ATT&ACK ontology specifies an enumeration of tactics, techniques, and procedures (TTP) that characterize malware. However, absent are automated procedures that would characterize, given the malware executable, which part of the execution flow is connected with a specific TTP. This paper provides an automation methodology to locate TTP in a sub-part of the control flow graph that describes the execution flow of a malware executable. This methodology merges graph representation learning and tools for machine learning explanation.",

author = "Jeffrey Fairbanks and Andres Orbe and Christine Patterson and Edoardo Serra and Marion Scheepers",

note = "Publisher Copyright: Copyright {\textcopyright} 2022, Association for the Advancement of Artificial Intelligence (www.aaai.org). All rights reserved.; 36th AAAI Conference on Artificial Intelligence, AAAI 2022 ; Conference date: 22-02-2022 Through 01-03-2022",

year = "2022",

month = jun,

day = "30",

language = "English",

series = "Proceedings of the 36th AAAI Conference on Artificial Intelligence, AAAI 2022",

pages = "12941--12942",

booktitle = "IAAI-22, EAAI-22, AAAI-22 Special Programs and Special Track, Student Papers and Demonstrations",

}

Fairbanks, J, Orbe, A, Patterson, C, Serra, E & Scheepers, M 2022, Identifying ATT&CK Tactics in Android Malware Control Flow Graph through Graph Representation Learning and Interpretability (Student Abstract). in IAAI-22, EAAI-22, AAAI-22 Special Programs and Special Track, Student Papers and Demonstrations. Proceedings of the 36th AAAI Conference on Artificial Intelligence, AAAI 2022, vol. 36, pp. 12941-12942, 36th AAAI Conference on Artificial Intelligence, AAAI 2022, Virtual, Online, 22/02/22.

Identifying ATT&CK Tactics in Android Malware Control Flow Graph through Graph Representation Learning and Interpretability (Student Abstract). / Fairbanks, Jeffrey; Orbe, Andres; Patterson, Christine et al.
IAAI-22, EAAI-22, AAAI-22 Special Programs and Special Track, Student Papers and Demonstrations. 2022. p. 12941-12942 (Proceedings of the 36th AAAI Conference on Artificial Intelligence, AAAI 2022; Vol. 36).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Identifying ATT&CK Tactics in Android Malware Control Flow Graph through Graph Representation Learning and Interpretability (Student Abstract)

AU - Fairbanks, Jeffrey

AU - Orbe, Andres

AU - Patterson, Christine

AU - Serra, Edoardo

AU - Scheepers, Marion

PY - 2022/6/30

Y1 - 2022/6/30

N2 - To mitigate a malware threat it is important to understand the malware's behavior. The MITRE ATT&ACK ontology specifies an enumeration of tactics, techniques, and procedures (TTP) that characterize malware. However, absent are automated procedures that would characterize, given the malware executable, which part of the execution flow is connected with a specific TTP. This paper provides an automation methodology to locate TTP in a sub-part of the control flow graph that describes the execution flow of a malware executable. This methodology merges graph representation learning and tools for machine learning explanation.

AB - To mitigate a malware threat it is important to understand the malware's behavior. The MITRE ATT&ACK ontology specifies an enumeration of tactics, techniques, and procedures (TTP) that characterize malware. However, absent are automated procedures that would characterize, given the malware executable, which part of the execution flow is connected with a specific TTP. This paper provides an automation methodology to locate TTP in a sub-part of the control flow graph that describes the execution flow of a malware executable. This methodology merges graph representation learning and tools for machine learning explanation.

UR - http://www.scopus.com/inward/record.url?scp=85147602946&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:85147602946

T3 - Proceedings of the 36th AAAI Conference on Artificial Intelligence, AAAI 2022

SP - 12941

EP - 12942

BT - IAAI-22, EAAI-22, AAAI-22 Special Programs and Special Track, Student Papers and Demonstrations

T2 - 36th AAAI Conference on Artificial Intelligence, AAAI 2022

Y2 - 22 February 2022 through 1 March 2022

ER -

Fairbanks J, Orbe A, Patterson C, Serra E , Scheepers M. Identifying ATT&CK Tactics in Android Malware Control Flow Graph through Graph Representation Learning and Interpretability (Student Abstract). In IAAI-22, EAAI-22, AAAI-22 Special Programs and Special Track, Student Papers and Demonstrations. 2022. p. 12941-12942. (Proceedings of the 36th AAAI Conference on Artificial Intelligence, AAAI 2022).

Identifying ATT&CK Tactics in Android Malware Control Flow Graph through Graph Representation Learning and Interpretability (Student Abstract)

Abstract

Publication series

Conference

Other files and links

Fingerprint

Cite this