Threat Behavior Textual Search by Attention Graph Isomorphism
Conference of the European Chapter of the Association for Computational Linguistics(2024)
Abstract
Cyber attacks cause over $1 trillion loss every year. An important task for
cyber security analysts is attack forensics. It entails understanding malware
behaviors and attack origins. However, existing automated or manual malware
analysis can only disclose a subset of behaviors due to inherent difficulties
(e.g., malware cloaking and obfuscation). As such, analysts often resort to
text search techniques to identify existing malware reports based on the
symptoms they observe, exploiting the fact that malware samples share a lot of
similarity, especially those from the same origin. In this paper, we propose a
novel malware behavior search technique that is based on graph isomorphism at
the attention layers of Transformer models. We also compose a large dataset
collected from various agencies to facilitate such research. Our technique
outperforms state-of-the-art methods, such as those based on sentence
embeddings and keywords, by 6-14
our technique can correctly attribute 8 of them to their ground-truth origins,
while using Google only works for 3 cases.