Christian Badertscher, Ran Canetti, et al.
TCC 2020
We present MalONT2.0 -- an ontology for malware threat intelligence. New classes (attack patterns, infrastructural resources to enable attacks, malware analysis to incorporate static analysis, and dynamic analysis of binaries) and relations have been added following a broadened scope of core competency questions. MalONT2.0 allows researchers to extensively capture all requisite classes and relations that gather semantic and syntactic characteristics of an android malware attack. This ontology forms the basis for the malware threat intelligence knowledge graph, MalKG, which we exemplify using three different, non-overlapping demonstrations. Malware features have been extracted from CTI reports on android threat intelligence shared on the Internet and written in the form of unstructured text. Some of these sources are blogs, threat intelligence reports, tweets, and news articles. The smallest unit of information that captures malware features is written as triples comprising head and tail entities, each connected with a relation. In the poster and demonstration, we discuss MalONT2.0, MalKG, as well as the dynamically growing knowledge graph, TINKER.
Christian Badertscher, Ran Canetti, et al.
TCC 2020
Jonathan Bootle, Vadim Lyubashevsky, et al.
ESORICS 2021
Ehud Aharoni, Nir Drucker, et al.
CSCML 2023
Arnab Bag, Debadrita Talapatra, et al.
PETS 2023