Fraunhofer-Gesellschaft

Publica

Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Automated pattern inference based on repeatedly observed malware artifacts

 
: Doll, C.; Sykosch, A.; Ohm, M.; Meier, M.

:

Association for Computing Machinery -ACM-:
ARES 2019, 14th International Conference on Availability, Reliability and Security. Proceedings : Canterbury, CA, United Kingdom, August 26 - 29, 2019
New York: ACM, 2019
ISBN: 978-1-4503-7164-3
Art. 82, 10 S.
International Conference on Availability, Reliability and Security (ARES) <14, 2019, Canterbury>
Englisch
Konferenzbeitrag
Fraunhofer FKIE ()

Abstract
Threat Intelligence comprises the concept of Indicators of Compromise, which are commonly used similar to classical intrusion detection signatures. However, data quality is often of limited quality with regard to this use case. The quality of these Indicators of Compromise can be increased by deriving patterns form repeated observations. A method is introduced which is capable to derive patterns from these observations automatically. Employing automatically derived pattern increases detection quality significantly. Moreover, it lead to the discovery of a previously unfamiliar type of patterns; inter-observable patterns, which capture relationships between patterns. An approach to address them in a fully STIX™ compliant fashion is proposed.

: http://publica.fraunhofer.de/dokumente/N-633019.html