Using Knowledge Graphs and Reinforcement Learning for Malware Analysis

Piplai, Aritran; Ranade, Priyanka; Kotal, Anantaa; Mittal, Sudip; Narayanan, S.; Joshi, Anupam

doi:10.1109/bigdata50022.2020.9378491

Cited by 23 publications

(17 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Unsupervised methods, using deep learning models have also been useful in detecting cyber-threats involving network data [36,42]. Reinforcement Learning-based methods are also becoming popular in detecting cyber-threats and malware [33,35,44]. Some researchers have shown that Random Forests outperform other state-of-the-art algorithms for Network IDS tasks [5].…”

Section: Related Workmentioning

confidence: 99%

PriveTAB

Kotal

Piplai

Chukkapalli

et al. 2022

Proceedings of the 2022 ACM on International Workshop on Security and Privacy Analytics

Self Cite

View full text Add to dashboard Cite

Machine Learning has increased our ability to model large quantities of data efficiently in a short time. Machine learning approaches in many application domains require collecting large volumes of data from distributed sources and combining them. However, sharing of data from multiple sources leads to concerns about privacy. Privacy regulations like European Union's General Data Protection Regulation (GDPR) have specific requirements on when and how such data can be shared. Even when there are no specific regulations, organizations may have concerns about revealing their data. For example in cybersecurity, organizations are reluctant to share their network-related data to permit machine learning-based intrusion detectors to be built. This has, in particular, hampered academic research. We need an approach to make confidential data widely available for accurate data analysis without violating the privacy of the data subjects. Privacy in shared data has been discussed in prior work focusing on anonymization and encryption of data.An alternate approach to make data available for analysis without sharing sensitive information is by replacing sensitive information with synthetic data that behave as original data for all analytical purposes. Generative Adversarial Networks (GANs) are one of the well-known models to generate synthetic samples that can have the same distributional characteristics as the original data. However, modeling tabular data using GAN is a non-trivial task. Tabular data contain a mix of categorical and continuous variables and require specialized constraints as described in the CTGAN model.In this paper, we propose a framework to generate privacypreserving synthetic data suitable for release for analytical purposes. The data is generated using the CTGAN approach, and so is analytically similar to the original dataset. To ensure that the generated data meet the privacy requirements, we use the principle of t-closeness. We ensure that the distribution of attributes in the released dataset is within a certain threshold distance from the real dataset. We also encrypt sensitive values in the final released

show abstract

Section: Related Workmentioning

confidence: 99%

PriveTAB

Kotal

Piplai

Chukkapalli

et al. 2022

Proceedings of the 2022 ACM on International Workshop on Security and Privacy Analytics

Self Cite

View full text Add to dashboard Cite

show abstract

“…Knowledge graphs can be refined to contain knowledge about a specific domain. In our prior work, we used Cybersecurity Knowledge Graphs (CKGs) to represent Cyber Threat Intelligence (CTI) ( Piplai et al, 2020a ; Piplai et al, 2020b ; Piplai et al, 2020c ). To build a Knowledge Graph specific to a domain, we need to define the ontology schema and entity relations in the domain.…”

Section: Related Workmentioning

confidence: 99%

A Policy-Driven Approach to Secure Extraction of COVID-19 Data From Research Papers

et al. 2021

Self Cite

View full text Add to dashboard Cite

The entire scientific and academic community has been mobilized to gain a better understanding of the COVID-19 disease and its impact on humanity. Most research related to COVID-19 needs to analyze large amounts of data in very little time. This urgency has made Big Data Analysis, and related questions around the privacy and security of the data, an extremely important part of research in the COVID-19 era. The White House OSTP has, for example, released a large dataset of papers related to COVID research from which the research community can extract knowledge and information. We show an example system with a machine learning-based knowledge extractor which draws out key medical information from COVID-19 related academic research papers. We represent this knowledge in a Knowledge Graph that uses the Unified Medical Language System (UMLS). However, publicly available studies rely on dataset that might have sensitive data. Extracting information from academic papers can potentially leak sensitive data, and protecting the security and privacy of this data is equally important. In this paper, we address the key challenges around the privacy and security of such information extraction and analysis systems. Policy regulations like HIPAA have updated the guidelines to access data, specifically, data related to COVID-19, securely. In the US, healthcare providers must also comply with the Office of Civil Rights (OCR) rules to protect data integrity in matters like plasma donation, media access to health care data, telehealth communications, etc. Privacy policies are typically short and unstructured HTML or PDF documents. We have created a framework to extract relevant knowledge from the health centers’ policy documents and also represent these as a knowledge graph. Our framework helps to understand the extent to which individual provider policies comply with regulations and define access control policies that enforce the regulation rules on data in the knowledge graph extracted from COVID-related papers. Along with being compliant, privacy policies must also be transparent and easily understood by the clients. We analyze the relative readability of healthcare privacy policies and discuss the impact. In this paper, we develop a framework for access control decisions that uses policy compliance information to securely retrieve COVID data. We show how policy compliance information can be used to restrict access to COVID-19 data and information extracted from research papers.

show abstract

“…Piplai et al [32], [39] create a pipeline to extract information from malware after action reports and other unstructured CTI sources and represent that in a CKG. They use this prior knowledge stored in a CKG as input to agents in a reinforcement learning environment [40]. We demonstrate the effects of the poisoning attack, by ingesting fake CTI on CKG using a complete CTI processing pipeline [31], [32].…”

Section: Ai-based Cyber Systems and Knowledge Graphsmentioning

confidence: 99%

Generating Fake Cyber Threat Intelligence Using Transformer-Based Models

Ranade¹,

Piplai²,

Mittal³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

Cyber-defense systems are being developed to automatically ingest Cyber Threat Intelligence (CTI) that contains semi-structured data and/or text to populate knowledge graphs. A potential risk is that fake CTI can be generated and spread through Open-Source Intelligence (OSINT) communities or on the Web to effect a data poisoning attack on these systems. Adversaries can use fake CTI examples as training input to subvert cyber defense systems, forcing the model to learn incorrect inputs to serve their malicious needs.In this paper, we automatically generate fake CTI text descriptions using transformers. We show that given an initial prompt sentence, a public language model like GPT-2 with fine-tuning, can generate plausible CTI text with the ability of corrupting cyber-defense systems. We utilize the generated fake CTI text to perform a data poisoning attack on a Cybersecurity Knowledge Graph (CKG) and a cybersecurity corpus. The poisoning attack introduced adverse impacts such as returning incorrect reasoning outputs, representation poisoning, and corruption of other dependent AI-based cyber defense systems. We evaluate with traditional approaches and conduct a human evaluation study with cybersecurity professionals and threat hunters. Based on the study, professional threat hunters were equally likely to consider our fake generated CTI as true.

show abstract

Using Knowledge Graphs and Reinforcement Learning for Malware Analysis

Cited by 23 publications

References 25 publications

PriveTAB

PriveTAB

A Policy-Driven Approach to Secure Extraction of COVID-19 Data From Research Papers

Generating Fake Cyber Threat Intelligence Using Transformer-Based Models

Contact Info

Product

Resources

About