Ontology-based knowledge representation for malware individuals and families

Malware consists of a large numbers of malware families and individuals, and each individual has complex behaviors. So knowledge base is urgently needed to process and store such a huge amount of information. In present the traditional signature-based database cannot represent the behavioral semantics of malicious code. Therefore, people cannot know what malware will do on a computer system. To solve this issue, we apply ontology technique into the malware domain, and propose the method for constructing malware knowledge base. We design the concept classes and object properties of malware, and propose the method for representing semantics of malware behavior. The data mining method, Apriori algorithm, is applied to extract the common behaviors of individuals belonging to the same family, and common behaviors are used to represent the knowledge of a malware family. The experimental results show that the data mining method can discover the common behaviors of the malware family, and the common behaviors mined can effectively classify the malware families. (C) 2019 Elsevier Ltd. All rights reserved.