Enhancing the Creation of Detection Rules for Malicious Software through Ontologies and Crowdsourcing
Author: | André Grégio, Antonio Carlos de Marchi, Rodrigo Bonacin |
---|---|
Year of publication: | 2017 |
Subject: | Point (typography), business.industry, Semantics (computer science), Computer science, 020206 networking & telecommunications, 02 engineering and technology, Ontology (information science), computer.software_genre, Crowdsourcing, Data science, Domain (software engineering), World Wide Web, 020204 information systems, 0202 electrical engineering electronic engineering information engineering, Malware, Leverage (statistics), Malware analysis, business, computer |
Source: | WETICE |
DOI: | 10.1109/wetice.2017.31 |
Description: | The analysis of malicious software (malware) is one of the hardest open problems in computer security, since a huge and varied number of samples is produced daily. In addition, modern malicious programs have automatic mutation capabilities. Through behavior analysis of existing malware, we are able to understand new variants and develop new protection methods. Ontologies can be used to model those behaviors, enabling experts to define classes and rules that represent complex behaviors. In this paper, we used an ontology and architecture built during our previous studies as a starting point to inspire the development of a crowdsourcing-based framework and platform. The objective of this work is to explore crowdsourcing mechanisms to collaboratively evolve ontologies, in which users can propose new classes and rules that increasingly identify potentially malicious programs. With a user-friendly platform, we expect to leverage a model that could be used in other malware analysis systems, as well as to quickly respond to new malware variants. Eight domain experts evaluated this platform with the goal of validating it and identifying the platform's potential and limitations. |
Database: | OpenAIRE |
External link: |