Malicious File Detection Method Using Machine Learning and Interworking with MITRE ATT&amp;CK Framework

Ahn, GwangHyun; Kim, Kookjin; Park, Won-Hyung; Shin, Dongkyoo

doi:10.3390/app122110761

Cited by 11 publications

(5 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Risks other than these, i.e., "unknown-unknowns", are excluded. The risks associated with this type of risk need to be considered based on concepts such as offensive security [17] and MITER ATT&CK [18], and remain a topic for future work.…”

Section: Limitations Of This Papermentioning

confidence: 99%

Countermeasure Portfolio Management of Silent Cyber Risks for Suitable Return of Investment

Tanimoto,

Mishina,

Goromaru

et al. 2024

International Journal of Service and Knowledge Management

View full text Add to dashboard Cite

In recent years, with the continuing development of the Internet of Things (IoT), various devices are now connected a huge number of networks and are being used for diverse purposes. The IoT has the potential to link cyber risks to actual property damage, as cyberspace risks are connected to physical space. With this increase in unknown cyber risks, the demand for cyber insurance is increasing. One of the most serious emerging risks is the silent cyber risk, and it is only likely to increase in the future. However, at present, security countermeasures against silent cyber risks are insufficient. In this paper, we propose a countermeasure portfolio management of silent cyber risk for organizations with the objective of contributing to the development of risk management methods against new cyber risks. Specifically, we modeled silent cyber risk by focusing on state transitions to different risks. We newly defined two types of silent cyber risk, Alteration risk and Combination risk, and conducted a risk assessment that identified 23 risk factors. After analyzing them, we found that all were classified as Risk Transference. We clarified that the most effective risk countermeasure for Alteration risk was insurance and for Combination risk was countermeasures to reduce the impact of the risk factors themselves. Our evaluation showed that the silent cyber risk could be reduced by about 50%, thus demonstrating the effectiveness of the proposed countermeasures. We also investigated the risk assessment results of silent cyber risk from the operational perspective. Specifically, we applied portfolio management based on the return on investment of risk countermeasures for silent cyber risks and found that proactive countermeasures tended to have higher priority.

show abstract

Section: Limitations Of This Papermentioning

confidence: 99%

Countermeasure Portfolio Management of Silent Cyber Risks for Suitable Return of Investment

Tanimoto,

Mishina,

Goromaru

et al. 2024

International Journal of Service and Knowledge Management

View full text Add to dashboard Cite

show abstract

“…The main aim of this study from [Ahn et al 2022] was to perform a dynamic analysis of malicious and suspicious files and apply the results to the MITRE ATT&CK framework to visually present the attack tactics and detailed techniques used for the files. The proposal was to make it easier for agents to identify and respond to threats.…”

Section: Related Workmentioning

confidence: 99%

“…Most research found in the state of the art has the objective of detecting and recognizing patterns in combating malicious adversaries [Ahn et al 2022, Lin et al 2022, Noor et al 2019]. However, these works have addressed this problem through proposals for a cyber threat attribution using unstructured reports in cyber threat intelligence [Irshad and Siddiqui 2022] and an automated reclassification for threat actors [Shin et al 2021].…”

Section: Introductionmentioning

confidence: 99%

Identification of Potential Threats in the Critical Path for Defense Operations by Cross Reference Features Clustering

Horta,

Marinho,

Holanda

2023

Anais Do XXIII Simpósio Brasileiro De Segurança Da Informação E De Sistemas Computacionais (SBSeg 2023)

View full text Add to dashboard Cite

Cyber attacks are a threat to the security of the most diverse types of organizations. To mitigate the risk of suffering successful attacks, organizations use different types of assessments. The research problem addressed in this study is to present, among the behaviors of known threats, those that are similar to the assessment campaign carried out and consequently represent greater risk when attempting attacks using the more exploitable critical path. The purpose of this research is to present a method for identifying the critical path of the threat and the similarity factor by Cross Reference Features (CRF) method to identify the opponents most similar to the procedures used in the assessment campaign carried out. The CRF was used as a baseline for comparison between 2 unsupervised learning algorithms in the threat clustering task. For essays that considered only groups as threats, K-means outperformed the Hierarchical Agglomerative Clustering by 2.4 percentage points, while in the essay with all threats, Hierarchical Agglomerative Clustering surpassed K-means by 2.3%.

show abstract

“…The study [11] using same dataset combined a method for visualising data for the detection of malicious les utilizing the dynamic-analysis-based MITRE ATT&CK framework with a machine learning algorithm to obtain a harmful le detection accuracy of more than 99%. Three models were used to categorise the PE malware dataset: Random Forest, Adaboost, and Gradient Boosting.…”

Section: Experimental Analysismentioning

confidence: 99%

Signature based ransomware detection based on optimizations approaches using RandomClassifier and CNN algorithms

Sangher

Singh

Pandey

2023

Int J Syst Assur Eng Manag

View full text Add to dashboard Cite

As Ransomware encrypts user les to prevent access to infected systems its harmful impacts must be quickly identi ed and remedied. It can be challenging to identify the metrics and parameters to check, especially when using unknown ransomware variants in tests. The proposed work uses machine learning techniques to create a general model that can be used to detect the variations of ransomware families while observing the characteristics of malware. However, early detection is impeded by a dearth of data during the initial phases of an attack, which results in low detection accuracy and a high proportion of false alarms.To overcome these restrictions, our research suggests a revolutionary technique, in machine learning techniques we have proposedRandomClassi er with SMOTE optimizer based on the results received from LazyPredictAutoML and then deep learning algorithm ANN using Root Mean Square Propagation (adam) has been implemented to get the hidden patterns which were not accessible in machine learning approach. Further study focused on improving CNN's performance over RMSProp& Adam, which maintains per-parameter learning rates that are adjusted based on the average of most recent weight gradient magnitudes, using the Adam optimizer. The best option for internet and nonstationary issues is CNN with Adam (e.g. noisy). As gradients grow sparser toward the end of optimization, Adam somewhat surpasses RMSprop. Adam uses CNN and uses the average of the second moments of the gradients (the uncentered variance). The proposed model reported 5.14ms of prediction time and 99.18% accuracy.

show abstract

Malicious File Detection Method Using Machine Learning and Interworking with MITRE ATT&CK Framework

Cited by 11 publications

References 27 publications

Countermeasure Portfolio Management of Silent Cyber Risks for Suitable Return of Investment

Countermeasure Portfolio Management of Silent Cyber Risks for Suitable Return of Investment

Identification of Potential Threats in the Critical Path for Defense Operations by Cross Reference Features Clustering

Signature based ransomware detection based on optimizations approaches using RandomClassifier and CNN algorithms

Contact Info

Product

Resources

About