CGraph: Graph Based Extensible Predictive Domain Threat Intelligence Platform

Cryptography and Security 2022-02-17 v1

Abstract

The ability to effectively investigate indicators of compromise and the associated network resources involved in cyber attacks is paramount, not only to identify affected network resources but also to detect related malicious resources. Today, most cyber threat intelligence platforms are reactive in that they can identify attack resources only after the attack is carried out. Further, these systems have limited functionality for investigating associated network resources. In this work, we propose an extensible predictive cyber threat intelligence platform called cGraph that addresses the above limitations. cGraph is built as a graph-first system in which investigators can explore network resources using a graph-based API. Further, cGraph provides real-time predictive capabilities based on state-of-the-art inference algorithms to predict malicious domains from network graphs with a few known malicious and benign seeds. To the best of our knowledge, cGraph is the only threat intelligence platform to do so. cGraph is extensible in that additional network resources can be added to the system transparently.

Cite

@article{arxiv.2202.07883,
  title  = {CGraph: Graph Based Extensible Predictive Domain Threat Intelligence Platform},
  author = {Wathsara Daluwatta and Ravindu De Silva and Sanduni Kariyawasam and Mohamed Nabeel and Charith Elvitigala and Kasun De Zoysa and Chamath Keppitiyagama},
  journal= {arXiv preprint arXiv:2202.07883},
  year   = {2022}
}

Comments

threat intelligence graph investigation
