Identifying ATTCK Tactics in Android Malware Control Flow Graph Through Graph Representation Learning and Interpretability

Jeffrey Fairbanks; Andres Orbe; Christine Patterson; Janet Layne; Edoardo Serra; Marion Scheepers

doi:10.1109/BigData52589.2021.9671343

Identifying ATTCK Tactics in Android Malware Control Flow Graph Through Graph Representation Learning and Interpretability

Jeffrey Fairbanks, Andres Orbe, Christine Patterson, Janet Layne, Edoardo Serra, Marion Scheepers

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

15 Scopus citations

Abstract

To mitigate a malware threat it is important to understand the malware's behavior. The MITRE ATTACK ontology specifies an enumeration of tactics, techniques, and procedures (TTP) that characterize malware. However, absent are automated procedures that would characterize, given the malware executable, which part of the execution flow is connected with a specific TTP. This paper is the first in providing an automation methodology to locate TTP in a sub-part of the control flow graph that describes the execution flow of a mal-ware executable. This methodology merges graph representation learning and tools for machine learning explanation.

Original language	English
Title of host publication	Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021
Editors	Yixin Chen, Heiko Ludwig, Yicheng Tu, Usama Fayyad, Xingquan Zhu, Xiaohua Tony Hu, Suren Byna, Xiong Liu, Jianping Zhang, Shirui Pan, Vagelis Papalexakis, Jianwu Wang, Alfredo Cuzzocrea, Carlos Ordonez
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	5602-5608
Number of pages	7
ISBN (Electronic)	9781665439022
DOIs	https://doi.org/10.1109/BigData52589.2021.9671343
State	Published - 2021
Event	2021 IEEE International Conference on Big Data, Big Data 2021 - Virtual, Online, United States Duration: 15 Dec 2021 → 18 Dec 2021

Publication series

Name	Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021

Conference

Conference	2021 IEEE International Conference on Big Data, Big Data 2021
Country/Territory	United States
City	Virtual, Online
Period	15/12/21 → 18/12/21

Keywords

Control Flow Graph
Graph Representation Learning
Machine Learning Interpretability
Malware Tactics Classification

Access to Document

10.1109/BigData52589.2021.9671343

Cite this

Fairbanks, J., Orbe, A., Patterson, C., Layne, J., Serra, E., & Scheepers, M. (2021). Identifying ATTCK Tactics in Android Malware Control Flow Graph Through Graph Representation Learning and Interpretability. In Y. Chen, H. Ludwig, Y. Tu, U. Fayyad, X. Zhu, X. T. Hu, S. Byna, X. Liu, J. Zhang, S. Pan, V. Papalexakis, J. Wang, A. Cuzzocrea, & C. Ordonez (Eds.), Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021 (pp. 5602-5608). (Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/BigData52589.2021.9671343

Fairbanks, Jeffrey ; Orbe, Andres ; Patterson, Christine et al. / Identifying ATTCK Tactics in Android Malware Control Flow Graph Through Graph Representation Learning and Interpretability. Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021. editor / Yixin Chen ; Heiko Ludwig ; Yicheng Tu ; Usama Fayyad ; Xingquan Zhu ; Xiaohua Tony Hu ; Suren Byna ; Xiong Liu ; Jianping Zhang ; Shirui Pan ; Vagelis Papalexakis ; Jianwu Wang ; Alfredo Cuzzocrea ; Carlos Ordonez. Institute of Electrical and Electronics Engineers Inc., 2021. pp. 5602-5608 (Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021).

@inproceedings{4820f7897540489b98a37b58e7507700,

title = "Identifying ATTCK Tactics in Android Malware Control Flow Graph Through Graph Representation Learning and Interpretability",

abstract = "To mitigate a malware threat it is important to understand the malware's behavior. The MITRE ATTACK ontology specifies an enumeration of tactics, techniques, and procedures (TTP) that characterize malware. However, absent are automated procedures that would characterize, given the malware executable, which part of the execution flow is connected with a specific TTP. This paper is the first in providing an automation methodology to locate TTP in a sub-part of the control flow graph that describes the execution flow of a mal-ware executable. This methodology merges graph representation learning and tools for machine learning explanation.",

keywords = "Control Flow Graph, Graph Representation Learning, Machine Learning Interpretability, Malware Tactics Classification",

author = "Jeffrey Fairbanks and Andres Orbe and Christine Patterson and Janet Layne and Edoardo Serra and Marion Scheepers",

note = "Publisher Copyright: {\textcopyright} 2021 IEEE.; 2021 IEEE International Conference on Big Data, Big Data 2021 ; Conference date: 15-12-2021 Through 18-12-2021",

year = "2021",

doi = "10.1109/BigData52589.2021.9671343",

language = "English",

series = "Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "5602--5608",

editor = "Yixin Chen and Heiko Ludwig and Yicheng Tu and Usama Fayyad and Xingquan Zhu and Hu, {Xiaohua Tony} and Suren Byna and Xiong Liu and Jianping Zhang and Shirui Pan and Vagelis Papalexakis and Jianwu Wang and Alfredo Cuzzocrea and Carlos Ordonez",

booktitle = "Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021",

}

Fairbanks, J, Orbe, A, Patterson, C, Layne, J, Serra, E & Scheepers, M 2021, Identifying ATTCK Tactics in Android Malware Control Flow Graph Through Graph Representation Learning and Interpretability. in Y Chen, H Ludwig, Y Tu, U Fayyad, X Zhu, XT Hu, S Byna, X Liu, J Zhang, S Pan, V Papalexakis, J Wang, A Cuzzocrea & C Ordonez (eds), Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021. Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021, Institute of Electrical and Electronics Engineers Inc., pp. 5602-5608, 2021 IEEE International Conference on Big Data, Big Data 2021, Virtual, Online, United States, 15/12/21. https://doi.org/10.1109/BigData52589.2021.9671343

Identifying ATTCK Tactics in Android Malware Control Flow Graph Through Graph Representation Learning and Interpretability. / Fairbanks, Jeffrey; Orbe, Andres; Patterson, Christine et al.
Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021. ed. / Yixin Chen; Heiko Ludwig; Yicheng Tu; Usama Fayyad; Xingquan Zhu; Xiaohua Tony Hu; Suren Byna; Xiong Liu; Jianping Zhang; Shirui Pan; Vagelis Papalexakis; Jianwu Wang; Alfredo Cuzzocrea; Carlos Ordonez. Institute of Electrical and Electronics Engineers Inc., 2021. p. 5602-5608 (Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Identifying ATTCK Tactics in Android Malware Control Flow Graph Through Graph Representation Learning and Interpretability

AU - Fairbanks, Jeffrey

AU - Orbe, Andres

AU - Patterson, Christine

AU - Layne, Janet

AU - Serra, Edoardo

AU - Scheepers, Marion

PY - 2021

Y1 - 2021

N2 - To mitigate a malware threat it is important to understand the malware's behavior. The MITRE ATTACK ontology specifies an enumeration of tactics, techniques, and procedures (TTP) that characterize malware. However, absent are automated procedures that would characterize, given the malware executable, which part of the execution flow is connected with a specific TTP. This paper is the first in providing an automation methodology to locate TTP in a sub-part of the control flow graph that describes the execution flow of a mal-ware executable. This methodology merges graph representation learning and tools for machine learning explanation.

AB - To mitigate a malware threat it is important to understand the malware's behavior. The MITRE ATTACK ontology specifies an enumeration of tactics, techniques, and procedures (TTP) that characterize malware. However, absent are automated procedures that would characterize, given the malware executable, which part of the execution flow is connected with a specific TTP. This paper is the first in providing an automation methodology to locate TTP in a sub-part of the control flow graph that describes the execution flow of a mal-ware executable. This methodology merges graph representation learning and tools for machine learning explanation.

KW - Control Flow Graph

KW - Graph Representation Learning

KW - Machine Learning Interpretability

KW - Malware Tactics Classification

UR - http://www.scopus.com/inward/record.url?scp=85125360808&partnerID=8YFLogxK

U2 - 10.1109/BigData52589.2021.9671343

DO - 10.1109/BigData52589.2021.9671343

M3 - Conference contribution

AN - SCOPUS:85125360808

T3 - Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021

SP - 5602

EP - 5608

BT - Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021

A2 - Chen, Yixin

A2 - Ludwig, Heiko

A2 - Tu, Yicheng

A2 - Fayyad, Usama

A2 - Zhu, Xingquan

A2 - Hu, Xiaohua Tony

A2 - Byna, Suren

A2 - Liu, Xiong

A2 - Zhang, Jianping

A2 - Pan, Shirui

A2 - Papalexakis, Vagelis

A2 - Wang, Jianwu

A2 - Cuzzocrea, Alfredo

A2 - Ordonez, Carlos

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2021 IEEE International Conference on Big Data, Big Data 2021

Y2 - 15 December 2021 through 18 December 2021

ER -

Fairbanks J, Orbe A, Patterson C, Layne J, Serra E , Scheepers M. Identifying ATTCK Tactics in Android Malware Control Flow Graph Through Graph Representation Learning and Interpretability. In Chen Y, Ludwig H, Tu Y, Fayyad U, Zhu X, Hu XT, Byna S, Liu X, Zhang J, Pan S, Papalexakis V, Wang J, Cuzzocrea A, Ordonez C, editors, Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021. Institute of Electrical and Electronics Engineers Inc. 2021. p. 5602-5608. (Proceedings - 2021 IEEE International Conference on Big Data, Big Data 2021). doi: 10.1109/BigData52589.2021.9671343

Identifying ATTCK Tactics in Android Malware Control Flow Graph Through Graph Representation Learning and Interpretability

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this