CGraph: Graph Based Extensible Predictive Domain Threat Intelligence Platform

TL;DR

cGraph is an extensible, graph-based cyber threat intelligence platform that enables real-time prediction of malicious domains and investigation of network resources, addressing limitations of reactive systems.

Contribution

It introduces a novel graph-first platform with real-time predictive capabilities for cyber threat intelligence, uniquely allowing exploration and extension of network resources.

Findings

Predicts malicious domains with high accuracy from limited seed data

Enables exploration of network resources via a graph-based API

Extensible architecture allows addition of new network resources

Abstract

Ability to effectively investigate indicators of compromise and associated network resources involved in cyber attacks is paramount not only to identify affected network resources but also to detect related malicious resources. Today, most of the cyber threat intelligence platforms are reactive in that they can identify attack resources only after the attack is carried out. Further, these systems have limited functionality to investigate associated network resources. In this work, we propose an extensible predictive cyber threat intelligence platform called cGraph that addresses the above limitations. cGraph is built as a graph-first system where investigators can explore network resources utilizing a graph based API. Further, cGraph provides real-time predictive capabilities based on state-of-the-art inference algorithms to predict malicious domains from network graphs with a few known malicious and benign seeds. To the best of our knowledge, cGraph is the only threat intelligence platform to do so. cGraph is extensible in that additional network resources can be added to the system transparently.