Looking Beyond IoCs: Automatically Extracting Attack Patterns from External CTI

1 code implementation • 1 Nov 2022 • Md Tanvirul Alam, Dipkamal Bhusal, Youngja Park, Nidhi Rastogi

In this paper, we present LADDER, a knowledge extraction framework that can extract text-based attack patterns from CTI reports at scale.

SoK: Modeling Explainability in Security Monitoring for Trust, Privacy, and Interpretability

1 code implementation • 31 Oct 2022 • Dipkamal Bhusal, Nidhi Rastogi

Security operations centers have a number of security monitoring tools that analyze logs and generate threat alerts which security analysts inspect.

Anomaly Detection Decision Making +1

CyNER: A Python Library for Cybersecurity Named Entity Recognition

1 code implementation • 8 Apr 2022 • Md Tanvirul Alam, Dipkamal Bhusal, Youngja Park, Nidhi Rastogi

Open Cyber threat intelligence (OpenCTI) information is available in an unstructured format from heterogeneous sources on the Internet.

named-entity-recognition NER

Adversarial Patterns: Building Robust Android Malware Classifiers

no code implementations • 4 Mar 2022 • Dipkamal Bhusal, Nidhi Rastogi

We first present an extensive background in building a machine learning classifier for android malware, covering both image-based and text-based feature extraction approaches.

BIG-bench Machine Learning

Explaining RADAR features for detecting spoofing attacks in Connected Autonomous Vehicles

no code implementations • 1 Mar 2022 • Nidhi Rastogi, Sara Rampazzi, Michael Clifford, Miriam Heller, Matthew Bishop, Karl Levitt

We present a model that explains \textit{certainty} and \textit{uncertainty} in sensor input -- a missing characteristic in data collection.

Autonomous Vehicles

Ontology-driven Knowledge Graph for Android Malware

no code implementations • 3 Sep 2021 • Ryan Christian, Sharmishtha Dutta, Youngja Park, Nidhi Rastogi

This ontology forms the basis for the malware threat intelligence knowledge graph, MalKG, which we exemplify using three different, non-overlapping demonstrations.

Malware Analysis

TINKER: A framework for Open source Cyberthreat Intelligence

no code implementations • 10 Feb 2021 • Nidhi Rastogi, Sharmishtha Dutta, Mohammed J. Zaki, Alex Gittens, Charu Aggarwal

The information is extracted and stored in a structured format using knowledge graphs such that the semantics of the threat intelligence can be preserved and shared at scale with other security analysts.

Information Retrieval Intrusion Detection +3

Malware Knowledge Graph Generation

no code implementations • 10 Feb 2021 • Sharmishtha Dutta, Nidhi Rastogi, Destin Yee, Chuqiao Gu, Qicheng Ma

Cyber threat and attack intelligence information are available in non-standard format from heterogeneous sources.

Graph Generation Knowledge Graphs

DANTE: Predicting Insider Threat using LSTM on system logs

no code implementations • 10 Feb 2021 • Nidhi Rastogi, Qicheng Ma

For this, system logs are modeled as a natural language sequence and patterns are extracted from these sequences.

MALOnt: An Ontology for Malware Threat Intelligence

1 code implementation • 20 Jun 2020 • Nidhi Rastogi, Sharmishtha Dutta, Mohammed J. Zaki, Alex Gittens, Charu Aggarwal

The knowledge graph that uses MALOnt is instantiated from a corpus comprising hundreds of annotated malware threat reports.

Decision Making Graph Generation +1

Personal Health Knowledge Graphs for Patients

no code implementations • 31 Mar 2020 • Nidhi Rastogi, Mohammed J. Zaki

Existing patient data analytics platforms fail to incorporate information that has context, is personal, and topical to patients.

Knowledge Graphs

Exploring Information Centrality for Intrusion Detection in Large Networks

no code implementations • 27 Apr 2019 • Nidhi Rastogi

Information Centrality (IC) labels network nodes with better vantage points for detecting network-based anomalies as central nodes and uses them for detecting a category of attacks called systemic attacks.

Anomaly Detection Intrusion Detection +1