RADAR: Effective Network-based Malware Detection based on the MITRE ATT&CK Framework. (arXiv:2212.03793v1 [cs.CR])
cs.CR updates on arXiv.org
MITRE ATT&CK is a widespread ontology that specifies tactics, techniques, and procedures (TTPs) typical of malware behaviour, making it possible to exploit such TTPs for malware identification. However, this is far from being an easy task given that benign usage of software can also match some of these TTPs. In this paper, we present RADAR, a system that can identify malicious behaviour in network traffic in two stages: first, RADAR extracts MITRE ATT&CK TTPs from arbitrary network traffic captures, and, …