Graphversation Ep. 4 – Causal inference powered by Knowledge Graph for applied security research

25 May, 2023

We are super excited to bring you the 4th episode of Graphversation, a monthly livestream series that brings together graph experts and Neo4j ninjas for engaging and informative conversations about the fascinating world of graphs. Whether you are a beginner or an advanced graph developer, we are confident that you will find our conversations engaging, informative, and thought-provoking.

In this episode, we have Dinesh Venkatesan, who will talk about "Causal inference powered by Knowledge Graph for applied security research". Dinesh will talk about approaching the security research problem as a causal query that can aid binary analysis targeted at cross-platform operating systems, specifically Linux, Android, macOS, and Windows.

The first part of the talk covers the different vantage points from which the execution of an executable is observed, and highlights what is novel in creating the actionable threat intel and analysis artifacts that the second part of the talk uses for inference. The three main vantage points are:
- Observing the events via Kernel Modules/extensions/drivers
- Memory forensics artifacts powered by Volatility
- Modern observability frameworks (eBPF, PINtrace)

The observations taken from these vantage points are stored as graph-structured data, so that the raw data can be percolated into information and in turn into knowledge. Aided by graph analytics and domain expertise expressed in a graph query language, the framework then provides a central causal inference engine that lets researchers get the right information at the right time to understand the causal relationships among the variants. In addition, the framework can act as a search interface for researchers to look for specific patterns, and it yields additional threat intelligence in the form of a recommender system.
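To make the pipeline above concrete, here is an added example (it is not code from the talk, the slides, or Neo4j): a handful of constructed, sensor-style event lines are loaded into an in-memory provenance graph, a causal query walks that graph backwards from an observed effect along time-respecting edges, and one search pattern of the kind the talk would express in a graph query language is run over the same data. The event format, process names, paths and addresses are all constructed for the example; the Cypher pattern in the comment is an illustrative equivalent, not a query from the page.

```python
"""Added example: provenance graph + backward causal query over constructed events."""
from collections import defaultdict, deque

# Constructed sample observations (not real telemetry), one per line:
# <timestamp> <event> <subject> <object>
SAMPLE_EVENTS = """\
1 exec  pid:100:bash     pid:101:curl
2 net   pid:101:curl     ip:203.0.113.10
3 write pid:101:curl     file:/tmp/update.sh
4 exec  pid:100:bash     pid:102:sh
5 read  pid:102:sh       file:/tmp/update.sh
6 exec  pid:102:sh       pid:103:helper
7 net   pid:103:helper   ip:198.51.100.7
8 exec  pid:100:bash     pid:104:ls
"""

# Direction of influence for each event type: (cause, effect).
CAUSE_EFFECT = {
    "exec": lambda s, o: (s, o),   # parent process causes the child process
    "write": lambda s, o: (s, o),  # process causes the file's content
    "read": lambda s, o: (o, s),   # file content influences the reading process
    "net": lambda s, o: (s, o),    # process causes the connection
}


def build_graph(text):
    """Parse event lines into (edges, preds).
    edges: list of (ts, kind, cause, effect); preds: effect -> [(cause, ts, kind)]."""
    edges, preds = [], defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, kind, subj, obj = line.split()
        cause, effect = CAUSE_EFFECT[kind](subj, obj)
        edges.append((int(ts), kind, cause, effect))
        preds[effect].append((cause, int(ts), kind))
    return edges, preds


def causal_ancestors(preds, effect):
    """Backward, time-respecting reachability from `effect`: a cause edge is
    followed only if it happened no later than the edge it feeds into, so an
    event that postdates the effect is never blamed for it. Returns
    {node: latest time at which that node could still have mattered}."""
    latest = {effect: float("inf")}
    queue = deque([effect])
    while queue:
        node = queue.popleft()
        for cause, ts, _kind in preds.get(node, []):
            if ts <= latest[node] and ts > latest.get(cause, -1):
                latest[cause] = ts
                queue.append(cause)
    del latest[effect]
    return latest


def root_causes(preds, effect):
    """Ancestors that nothing in the observations explains: where analysis starts."""
    return {n for n in causal_ancestors(preds, effect) if not preds.get(n)}


def explain(edges, preds, effect):
    """The causal subgraph behind `effect`, in time order: only edges whose
    endpoints both lie on a time-respecting path to it. Correlated-but-unrelated
    events (a sibling process, an earlier connection) are pruned."""
    anc = causal_ancestors(preds, effect)
    nodes = set(anc) | {effect}
    return sorted(e for e in edges
                  if e[2] in nodes and e[3] in nodes
                  and e[0] <= anc.get(e[3], float("inf")))


def files_from_network_to_exec(edges):
    """Search pattern, the kind the talk expresses in a graph query language:
    a network-active process writes a file that another process later reads.
    Illustrative Cypher equivalent (not from the page):
      MATCH (w)-[:NET]->(), (w)-[:WRITE]->(f)<-[:READ]-(r) RETURN w, f, r"""
    net_procs = {c for _, k, c, _ in edges if k == "net"}
    writes = [(c, e, ts) for ts, k, c, e in edges if k == "write" and c in net_procs]
    hits = []
    for ts, kind, cause, effect in edges:   # for "read", cause is the file
        if kind == "read":
            hits.extend((w, f, effect) for w, f, wts in writes if f == cause and wts < ts)
    return hits


if __name__ == "__main__":
    edges, preds = build_graph(SAMPLE_EVENTS)
    for e in explain(edges, preds, "ip:198.51.100.7"):
        print(e)
    print("root causes:", root_causes(preds, "ip:198.51.100.7"))
    print("pattern hits:", files_from_network_to_exec(edges))
```

Asking "why did pid:103:helper reach ip:198.51.100.7?" returns only the six edges on the backward path (bash spawning curl, curl writing the script, bash spawning sh, sh reading the script and spawning helper, helper connecting); curl's own earlier connection and the unrelated ls process are left out, which is the practical difference between a causal query and a plain time-window search over the same events.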

Speaker:
Dinesh Venkatesan, Security Researcher @ Microsoft
Dinesh Venkatesan is a logician and mathematician presently working as a security researcher at Microsoft. He has been in the cybersecurity industry for over 17 years, working with Google, Symantec and HCL Technologies, and has published numerous blog posts on malware analysis. He is a specialist in the mobile threat landscape and desktop security threats and has discovered multiple vulnerabilities in the Android framework layer, responsibly reporting them to Android and helping to make the OS more secure. He has hands-on expertise in writing generic detection and cure routines for prevalent malware families. He is on an active lookout for threat intel about sophisticated attacks and is keen on researching various threat actors and developing useful insights into malware evolution.
https://www.linkedin.com/in/dinesh-v-a5922726/

Host:
Siddhant Agarwal, Developer Relations APAC @ Neo4j
With over a decade of industry experience, Siddhant has spent his entire career building, scaling and growing communities in India and APAC, and has found his passion in launching ed-tech initiatives, design innovation, growing the startup ecosystem and building for the next billion users. Siddhant has previously worked with Open Financial Technologies, Google, Beahead and IBM. A design thinker at heart, he loves working with startups and helping them scale in UX and improve their designs.
https://www.linkedin.com/in/sidagarwal04

Resources:
1. Slides: https://drive.google.com/file/d/17Eg0gKcoKEi7KES-x1koAn4YGzfnb8H8/view?usp=sharing