Identifying ATT&CK Tactics in Android Malware Control Flow Graph Through Graph Representation Learning and Interpretability
To mitigate a malware threat it is important to understand the malware’s behavior. The MITRE ATT&ACK ontology specifies an enumeration of tactics, techniques, and procedures (TTP) that characterize malware. However, absent are automated procedures that would characterize, given the malware executable, which part of the execution flow is connected with a specific TTP. This paper is the first in providing an automation methodology to locate TTP in a sub-part of the control flow graph that describes the execution flow of a mal-ware executable. This methodology merges graph representation learning and tools for machine learning explanation.
Fairbanks, Jeffrey; Orbe, Andres; Patterson, Christine; Layne, Janet; Serra, Edoardo; and Scheepers, Marion. (2021). "Identifying ATT&CK Tactics in Android Malware Control Flow Graph Through Graph Representation Learning and Interpretability". 2021 IEEE International Conference on Big Data (Big Data), 5602-5608. https://doi.org/10.1109/BigData52589.2021.9671343