Abstract
Malware threat intelligence uncovers detailed information about malware, threat actors and their tactics, Indicators of Compromise, and vulnerabilities in different platforms from scattered threat sources. This collective information can guide decision making in the cyber defense applications used by security operation centers. In this paper, we introduce an open-source malware ontology, MALOnt, which allows the structured extraction of information and the generation of a knowledge graph, especially for threat intelligence. The knowledge graph that uses MALOnt is instantiated from a corpus comprising hundreds of annotated malware threat reports. The knowledge graph enables the analysis, detection, classification, and attribution of cyber threats caused by malware. We also demonstrate the annotation process using MALOnt on exemplar threat intelligence reports. A work in progress, this research is part of a larger effort towards the auto-generation of knowledge graphs for gathering malware threat intelligence from heterogeneous online resources.
Acknowledgement
This work is supported by the IBM AI Research Collaboration (AIRC). The authors would like to thank RPI researchers Shruthi Chari and Dr. Oshani Seneviratne for evaluating MALOnt and for ensuring that best practices are followed during ontology generation; Destin Lee for putting together the ontology and knowledge graph figures, and instantiating threat intelligence reports.
© 2020 Springer Nature Switzerland AG
Cite this paper
Rastogi, N., Dutta, S., Zaki, M.J., Gittens, A., Aggarwal, C. (2020). MALOnt: An Ontology for Malware Threat Intelligence. In: Wang, G., Ciptadi, A., Ahmadzadeh, A. (eds) Deployable Machine Learning for Security Defense. MLHat 2020. Communications in Computer and Information Science, vol 1271. Springer, Cham. https://doi.org/10.1007/978-3-030-59621-7_2
DOI: https://doi.org/10.1007/978-3-030-59621-7_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-59620-0
Online ISBN: 978-3-030-59621-7