WHDL - 00014782
Submitted to the Department of Mathematics and Computer Science in partial fulfillment of the requirements for the degree of Bachelor of Science
Malware affects millions of machines, causing havoc to those it reaches. The dangers and negative impact that malware has inflicted push researchers to find ways to mitigate its effects. For anti-malware services, labeling malware with the correct Tactics, Techniques, and Procedures (TTP) that each sample implements is a challenge. A Control Flow Graph (CFG) describes the structure of a program during its execution, that is, how control flows through the program. For malware, it represents the flow of all internal and external function calls. The current research proposes a novel approach to locating ATT&CK® TTP in a CFG by applying machine learning classifiers to Android malware. Through these methods, the approach associates a TTP from the ATT&CK® Framework with a subgraph of an Android malware CFG. Using a Graph Neural Network together with the SIR-GN node representation learning approach, this methodology processes the CFG and builds a model that classifies the associated TTP. Furthermore, the explanation technique SHapley Additive exPlanations (SHAP), a model-agnostic, game-theoretic approach for explaining any machine learning model's output, is applied to identify the subgraph of the CFG connected with the specific TTP. Preliminary experiments indicate approximately 89% accuracy in classifying such techniques.
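The abstract's last step, using Shapley attribution to pick out the CFG subgraph responsible for a classifier's TTP decision, can be illustrated on a toy scale. The following Python example is added here and is not code from the thesis; it computes exact Shapley values over the nodes of a small constructed call-flow graph by enumerating all orderings (the quantity SHAP approximates for large models) and keeps the nodes with positive attribution as the explanatory subgraph. The function names in the graph, the hand-written scoring function standing in for the trained GNN, and the "collect, encode, send" chain it looks for are all assumptions made up for the demonstration.

```python
from itertools import permutations
from typing import Callable, Dict, List, Set, Tuple

# Constructed toy call-flow graph: (caller, callee) edges. The function names are
# hypothetical and exist only to give the example something to attribute over.
CFG_EDGES: List[Tuple[str, str]] = [
    ("onCreate", "readContacts"),
    ("readContacts", "encodeBase64"),
    ("encodeBase64", "httpPost"),
    ("onCreate", "showBanner"),
    ("showBanner", "logEvent"),
]

# Constructed chain the stand-in model scores: a collect -> encode -> send pattern.
CHAIN = {("readContacts", "encodeBase64"), ("encodeBase64", "httpPost")}

Model = Callable[[List[Tuple[str, str]], Set[str]], float]


def nodes_of(edges: List[Tuple[str, str]]) -> List[str]:
    """Sorted list of distinct node names appearing in the edge list."""
    return sorted({v for edge in edges for v in edge})


def induced_subgraph(edges: List[Tuple[str, str]], keep: Set[str]) -> List[Tuple[str, str]]:
    """Edges whose both endpoints are in the kept node set, in original order."""
    return [(a, b) for a, b in edges if a in keep and b in keep]


def toy_model(edges: List[Tuple[str, str]], keep: Set[str]) -> float:
    """Stand-in for the trained classifier (assumption, not the thesis's GNN).
    Returns the fraction of CHAIN edges present in the induced subgraph, so the
    score is 1.0 only when the whole chain survives and 0.0 when none of it does."""
    present = sum(1 for e in induced_subgraph(edges, keep) if e in CHAIN)
    return present / len(CHAIN)


def shapley_values(edges: List[Tuple[str, str]], model: Model) -> Dict[str, float]:
    """Exact Shapley value per node: average marginal change in model score when the
    node is added, over every ordering of the nodes. Exponential in node count, so
    only usable on small graphs; SHAP's samplers approximate this for real models."""
    nodes = nodes_of(edges)
    phi = {v: 0.0 for v in nodes}
    orders = list(permutations(nodes))
    for order in orders:
        kept: Set[str] = set()
        prev = model(edges, kept)
        for v in order:
            kept.add(v)
            cur = model(edges, kept)
            phi[v] += cur - prev      # marginal contribution of v in this ordering
            prev = cur
    return {v: phi[v] / len(orders) for v in nodes}


def explain_subgraph(edges: List[Tuple[str, str]], model: Model, eps: float = 1e-9):
    """Nodes with positive attribution and the CFG subgraph they induce."""
    phi = shapley_values(edges, model)
    keep = {v for v, s in phi.items() if s > eps}
    return keep, induced_subgraph(edges, keep), phi


if __name__ == "__main__":
    kept_nodes, sub_edges, attributions = explain_subgraph(CFG_EDGES, toy_model)
    for node, score in sorted(attributions.items(), key=lambda kv: -kv[1]):
        print(f"{node:14s} {score:+.3f}")
    print("explanatory subgraph:", sub_edges)
```

By the efficiency property the attributions sum to the model's score on the full graph (1.0 here), and the advertising-related nodes that never change the score receive exactly zero, which is what lets the positive-attribution set be read off as the subgraph tied to the predicted TTP.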
This material is used by permission of the rightsholder in accordance with the terms of the relevant content release. As a user, you have permission to use this content and download a copy for non-commercial use only. Downloading multiple quantities of this resource is expressly forbidden.