Predicting malware threat intelligence using KGs.

Large amounts of threat intelligence information about malware attacks are available in disparate, typically unstructured, formats. Knowledge graphs can capture this information and its context using RDF triples represented by entities and relations. Sparse or inaccurate threat information, however, leads to challenges such as incomplete or erroneous triples. Generic information extraction (IE) models used to populate the knowledge graph cannot fully guarantee domain-specific context. This paper proposes a system to generate a Malware Knowledge Graph called MalKG, the first open-source automated knowledge graph for malware threat intelligence. MalKG dataset (MT40K\footnote{ Anonymous GitHub link: this https URL}) contains approximately 40,000 triples generated from 27,354 unique entities and 34 relations. For ground truth, we manually curate a knowledge graph called MT3K, with 3,027 triples generated from 5,741 unique entities and 22 relations. We demonstrate the intelligence prediction of MalKG using two use cases. Predicting malware threat information using the benchmark model achieves 80.4 for the hits@10 metric (predicts the top 10 options for an information class), and 0.75 for the MRR (mean reciprocal rank). We also propose an automated, contextual framework for information extraction, both manually and automatically, at the sentence level from 1,100 malware threat reports and from the common vulnerabilities and exposures (CVE) database.