To TTP or not to TTP?: Exploiting TTPs to Improve ML-based Malware Detection

Abstract: In the last decade, machine learning (ML) methods have increasingly been applied to the task of malware detection. While these approaches have surely demonstrated their effectiveness, they still present limitations, some of which are a consequence of their purely data-driven nature. In this paper, we show how the MITRE ATT&CK framework of tactics, techniques, and procedures (TTPs) can be exploited to overcome such limitations and improve their ability to detect malware on networks. We conduct an extensive expe… Show more