Publication details

Heuristic Malware Detection Method Based on Structured CTI Data: A Research Study and Proposal

Authors

NOVÁK Pavel, OUJEZSKÝ Václav

Year of publication 2024
Type Article in Proceedings
Conference 2024 International Conference on Software, Telecommunications and Computer Networks (SoftCOM)
MU Faculty or unit

Faculty of Informatics

Citation
Web https://ieeexplore.ieee.org/document/10721992
DOI http://dx.doi.org/10.23919/SoftCOM62040.2024.10721992
Keywords detection; gnn; heuristics; intelligence; malware; ransomware
Description This article addresses the significant and evolving threat of malware, particularly ransomware, to critical infrastructure sectors such as energy, banking, and food supply. Traditional detection methods that rely on specific indicators of compromise, like file hashes or IP addresses, can be easily circumvented by attackers. This paper presents a novel heuristic approach to malware detection using structured cyber threat intelligence data. By aggregating high-level indicators of compromise such as file modifications, registry key changes, and suspicious network communications, this method aims to identify malicious patterns indicative of malware behavior. The proposed detection system employs advanced machine learning techniques, including graph neural networks, to analyze these aggregated indicators of compromise. This approach enables earlier detection of malware, reduces the mean time to detect breaches, and minimizes false positives. The system utilizes the STIX data format for improved interoperability and analysis of cyber threat intelligence data.
Related projects:
