Heuristic Malware Detection Method Based on Structured CTI
Data: A Research Study and Proposal

D 2024

Heuristic Malware Detection Method Based on Structured CTI Data: A Research Study and Proposal

NOVÁK, Pavel a Václav OUJEZSKÝ

Základní údaje

Originální název

Heuristic Malware Detection Method Based on Structured CTI Data: A Research Study and Proposal

Autoři

NOVÁK, Pavel (203 Česká republika, domácí) a Václav OUJEZSKÝ (203 Česká republika, garant, domácí)

Vydání

Croatia, 2024 International Conference on Software, Telecommunications and Computer Networks (SoftCOM), od s. 380-385, 6 s. 2024

Nakladatel

IEEE

Další údaje

Jazyk

angličtina

Typ výsledku

Stať ve sborníku

Obor

20203 Telecommunications

Stát vydavatele

Chorvatsko

Utajení

není předmětem státního či obchodního tajemství

Forma vydání

elektronická verze "online"

Odkazy

URL

Organizační jednotka

Fakulta informatiky

ISBN

979-8-3503-5461-4

DOI

http://dx.doi.org/10.23919/SoftCOM62040.2024.10721992

Klíčová slova anglicky

detection; gnn; heuristics; intelligence; malware; ransomware

Příznaky

Mezinárodní význam, Recenzováno

Změněno: 4. 4. 2025 13:03, RNDr. Pavel Šmerk, Ph.D.

Anotace

V originále

This article addresses the significant and evolving threat of malware, particularly ransomware, to critical infrastructure sectors such as energy, banking, and food supply. Traditional detection methods that rely on specific indicators of compromise, like file hashes or IP addresses, can be easily circumvented by attackers. This paper presents a novel heuristic approach to malware detection using structured cyber threat intelligence data. By aggregating high-level indicators of compromise such as file modifications, registry key changes, and suspicious network communications, this method aims to identify malicious patterns indicative of malware behavior. The proposed detection system employs advanced machine learning techniques, including graph neural networks, to analyze these aggregated indicators of compromise. This approach enables earlier detection of malware, reduces the mean time to detect breaches, and minimizes false positives. The system utilizes the STIX data format for improved interoperability and analysis of cyber threat intelligence data.

Návaznosti

VK01030030, projekt VaV

Název: Systém pro zálohování a ukládání dat s integrovanou aktivní ochranou proti kybernetickým hrozbám

Investor: Ministerstvo vnitra ČR, Systém pro zálohování a ukládání dat s integrovanou aktivní ochranou proti kybernetickým hrozbám

Citovat

NOVÁK, Pavel a Václav OUJEZSKÝ. Heuristic Malware Detection Method Based on Structured CTI Data: A Research Study and Proposal. Online. In 2024 International Conference on Software, Telecommunications and Computer Networks (SoftCOM). Croatia: IEEE, 2024, s. 380-385. ISBN 979-8-3503-5461-4. Dostupné z: https://dx.doi.org/10.23919/SoftCOM62040.2024.10721992.

@inproceedings{2428817,
   author = {Novák, Pavel and Oujezský, Václav},
   address = {Croatia},
   booktitle = {2024 International Conference on Software, Telecommunications and Computer Networks (SoftCOM)},
   doi = {http://dx.doi.org/10.23919/SoftCOM62040.2024.10721992},
   keywords = {detection; gnn; heuristics; intelligence; malware; ransomware},
   howpublished = {elektronická verze "online"},
   language = {eng},
   location = {Croatia},
   isbn = {979-8-3503-5461-4},
   pages = {380-385},
   publisher = {IEEE},
   title = {Heuristic Malware Detection Method Based on Structured CTI Data: A Research Study and Proposal},
   url = {https://ieeexplore.ieee.org/document/10721992},
   year = {2024}
}

TY  - CONF
ID  - 2428817
AU  - Novák, Pavel - Oujezský, Václav
PY  - 2024
TI  - Heuristic Malware Detection Method Based on Structured CTI Data: A Research Study and Proposal
PB  - IEEE
CY  - Croatia
SN  - 9798350354614
KW  - detection
KW  - gnn
KW  - heuristics
KW  - intelligence
KW  - malware
KW  - ransomware
UR  - https://ieeexplore.ieee.org/document/10721992
N2  - This article addresses the significant and evolving threat of malware, particularly ransomware, to critical infrastructure sectors such as energy, banking, and food supply. Traditional detection methods that rely on specific indicators of compromise, like file hashes or IP addresses, can be easily circumvented by attackers. This paper presents a novel heuristic approach to malware detection using structured cyber threat intelligence data. By aggregating high-level indicators of compromise such as file modifications, registry key changes, and suspicious network communications, this method aims to identify malicious patterns indicative of malware behavior. The proposed detection system employs advanced machine learning techniques, including graph neural networks, to analyze these aggregated indicators of compromise. This approach enables earlier detection of malware, reduces the mean time to detect breaches, and minimizes false positives. The system utilizes the STIX data format for improved interoperability and analysis of cyber threat intelligence data.
ER  -

NOVÁK, Pavel a Václav OUJEZSKÝ. Heuristic Malware Detection Method Based on Structured CTI Data: A Research Study and Proposal. Online. In \textit{2024 International Conference on Software, Telecommunications and Computer Networks (SoftCOM)}. Croatia: IEEE, 2024, s.~380-385. ISBN~979-8-3503-5461-4. Dostupné z: https://dx.doi.org/10.23919/SoftCOM62040.2024.10721992.

Přehled o publikaci