Heuristic Malware Detection Method Based on Structured CTI Data: A Research Study and Proposal

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F24%3A00139901" target="_blank" >RIV/00216224:14330/24:00139901 - isvavai.cz</a>

Výsledek na webu

<a href="http://dx.doi.org/10.23919/SoftCOM62040.2024.10721992" target="_blank" >http://dx.doi.org/10.23919/SoftCOM62040.2024.10721992</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.23919/SoftCOM62040.2024.10721992" target="_blank" >10.23919/SoftCOM62040.2024.10721992</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Heuristic Malware Detection Method Based on Structured CTI Data: A Research Study and Proposal

Popis výsledku v původním jazyce

This article addresses the significant and evolving threat of malware, particularly ransomware, to critical infrastructure sectors such as energy, banking, and food supply. Traditional detection methods that rely on specific indicators of compromise, like file hashes or IP addresses, can be easily circumvented by attackers. This paper presents a novel heuristic approach to malware detection using structured cyber threat intelligence data. By aggregating high-level indicators of compromise such as file modifications, registry key changes, and suspicious network communications, this method aims to identify malicious patterns indicative of malware behavior. The proposed detection system employs advanced machine learning techniques, including graph neural networks, to analyze these aggregated indicators of compromise. This approach enables earlier detection of malware, reduces the mean time to detect breaches, and minimizes false positives. The system utilizes the STIX data format for improved interoperability and analysis of cyber threat intelligence data.

Název v anglickém jazyce

Heuristic Malware Detection Method Based on Structured CTI Data: A Research Study and Proposal

Popis výsledku anglicky

This article addresses the significant and evolving threat of malware, particularly ransomware, to critical infrastructure sectors such as energy, banking, and food supply. Traditional detection methods that rely on specific indicators of compromise, like file hashes or IP addresses, can be easily circumvented by attackers. This paper presents a novel heuristic approach to malware detection using structured cyber threat intelligence data. By aggregating high-level indicators of compromise such as file modifications, registry key changes, and suspicious network communications, this method aims to identify malicious patterns indicative of malware behavior. The proposed detection system employs advanced machine learning techniques, including graph neural networks, to analyze these aggregated indicators of compromise. This approach enables earlier detection of malware, reduces the mean time to detect breaches, and minimizes false positives. The system utilizes the STIX data format for improved interoperability and analysis of cyber threat intelligence data.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

20203 - Telecommunications

Projekt

<a href="/cs/project/VK01030030" target="_blank" >VK01030030: Systém pro zálohování a ukládání dat s integrovanou aktivní ochranou proti kybernetickým hrozbám</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2024

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

2024 International Conference on Software, Telecommunications and Computer Networks (SoftCOM)

ISBN

9798350354614

ISSN

—

e-ISSN

1847-358X

Počet stran výsledku

6

Strana od-do

380-385

Název nakladatele

IEEE

Místo vydání

Croatia

Místo konání akce

Bol, Brac, Croatia

Datum konání akce

1. 1. 2024

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—