https://scholars.lib.ntu.edu.tw/handle/123456789/608049
Title: Open Source Intelligence for Malicious Behavior Discovery and Interpretation
Authors: Huang Y., Lin C.Y., Guo Y., Lo K., Yeali Sun, Chen M.C.
Keywords: Analytical models; Computer security; cyber threat intelligence; dynamic analysis; Labeling; Malware; malware behavior analysis; MITRE ATT&CK framework; Neural networks; Semantics; Special issues and sections; Deep learning; Behavior analysis; ATT&CK framework; Cyber threat intelligence; Cyber threats; Dynamic analysis; Labelings; Malware behavior analysis; Malware behaviors; Neural networks; Special issue and section
Publication date: 2022
Volume: 19
Issue: 2
Pages: 776 - 789
Source: IEEE Transactions on Dependable and Secure Computing
Abstract: Cyber threats are one of the most pressing issues in the digital age. There is a consensus that a proactive defense is needed to effectively detect and respond to adversary threats. The key to success is understanding the characteristics of malware, including its activities and the resources it manipulates on target machines. The MITRE ATT&CK framework (ATT&CK), a popular source of open source intelligence (OSINT), provides rich information and knowledge about adversary lifecycles and attack behaviors. The main challenges of this study are knowledge collection from ATT&CK, malicious behavior identification using deep learning, and identification of the associated API calls. A MITRE ATT&CK based Malicious Behavior Analysis system (MAMBA) for Windows malware is proposed, which incorporates ATT&CK knowledge and applies attention to manipulated resources and malicious activities in its neural network model. To keep up with ATT&CK updates in a timely manner, knowledge collection is designed as an automatic and incremental process. With these features, MAMBA achieves the best malicious behavior discovery performance among all compared learning-based methods and rule-based approaches on all datasets; it also yields a highly interpretable mapping from the discovered malicious behaviors to the relevant ATT&CK techniques and to the related API calls.
URI: https://www.scopus.com/inward/record.uri?eid=2-s2.0-85117295404&doi=10.1109%2fTDSC.2021.3119008&partnerID=40&md5=11f274dd721f31bb5cfdf18984703bcb ; https://scholars.lib.ntu.edu.tw/handle/123456789/608049
ISSN: 15455971
DOI: 10.1109/TDSC.2021.3119008
Appears in collection: Department of Information Management
Documents in the IR system are protected by copyright, with all rights reserved, unless their copyright terms are specifically stated otherwise.