MALOnt: An Ontology for Malware Threat Intelligence

  • Conference paper
  • Deployable Machine Learning for Security Defense (MLHat 2020)

Abstract

Malware threat intelligence uncovers detailed information about malware, threat actors and their tactics, Indicators of Compromise, and vulnerabilities across different platforms, drawn from scattered threat sources. This collective information can guide decision making in the cyber defense applications used by security operation centers. In this paper, we introduce MALOnt, an open-source malware ontology that allows structured extraction of information and knowledge graph generation, especially for threat intelligence. The knowledge graph built with MALOnt is instantiated from a corpus comprising hundreds of annotated malware threat reports. The knowledge graph enables the analysis, detection, classification, and attribution of cyber threats caused by malware. We also demonstrate the annotation process using MALOnt on exemplar threat intelligence reports. A work in progress, this research is part of a larger effort towards the auto-generation of knowledge graphs for gathering malware threat intelligence from heterogeneous online resources.

Acknowledgement

This work is supported by the IBM AI Research Collaboration (AIRC). The authors would like to thank RPI researchers Shruthi Chari and Dr. Oshani Seneviratne for evaluating MALOnt and for ensuring that best practices are followed during ontology generation; Destin Lee for putting together the ontology and knowledge graph figures, and instantiating threat intelligence reports.

Corresponding author

Correspondence to Nidhi Rastogi.

Copyright information

© 2020 Springer Nature Switzerland AG

Cite this paper

Rastogi, N., Dutta, S., Zaki, M.J., Gittens, A., Aggarwal, C. (2020). MALOnt: An Ontology for Malware Threat Intelligence. In: Wang, G., Ciptadi, A., Ahmadzadeh, A. (eds) Deployable Machine Learning for Security Defense. MLHat 2020. Communications in Computer and Information Science, vol 1271. Springer, Cham. https://doi.org/10.1007/978-3-030-59621-7_2

  • DOI: https://doi.org/10.1007/978-3-030-59621-7_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-59620-0

  • Online ISBN: 978-3-030-59621-7

  • eBook Packages: Computer Science, Computer Science (R0)