We present MalONT2.0 — an ontology for malware threat intelligence
\cite{rastogi2020malont}. New classes (attack patterns, infrastructural
resources that enable attacks, and malware analysis covering both static and
dynamic analysis of binaries) and new relations have been added following a
broadened scope of core competency questions. MalONT2.0 allows researchers to
capture all requisite classes and relations that describe the semantic and
syntactic characteristics of an Android malware attack. This ontology forms
the basis for the malware threat intelligence knowledge graph, MalKG, which we
exemplify using three different, non-overlapping demonstrations. Malware
features have been extracted from CTI reports on Android threat intelligence
shared on the Internet in the form of unstructured text; sources include
blogs, threat intelligence reports, tweets, and news articles. The smallest
unit of information that captures a malware feature is written as a triple
comprising a head entity and a tail entity connected by a relation. In the
poster and demonstration, we discuss MalONT2.0, MalKG, and the dynamically
growing knowledge graph, TINKER.
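The triple representation described above, as an added illustration that is not code from the MalONT2.0/MalKG project: a minimal in-memory graph of (head, relation, tail) triples with a competency-question style query. The class names, relation names and sample triples are constructed placeholders modelled on the classes the abstract lists, not the ontology's actual vocabulary.

```python
from collections import defaultdict, deque

# Constructed sample triples, as they might be extracted from an unstructured
# CTI blog post about a fictional Android malware family. Relation and class
# names are hypothetical, not MalONT2.0's own terms.
SAMPLE_TRIPLES = [
    ("ExampleDropper", "isA", "Malware"),
    ("ExampleDropper", "targetsPlatform", "Android"),
    ("ExampleDropper", "usesAttackPattern", "Overlay phishing"),
    ("Overlay phishing", "isA", "AttackPattern"),
    ("ExampleDropper", "communicatesWith", "c2.example.invalid"),
    ("c2.example.invalid", "isA", "InfrastructureResource"),
    ("ExampleDropper", "hasAnalysis", "static-run-001"),
    ("static-run-001", "isA", "StaticAnalysis"),
    ("static-run-001", "requestsPermission", "READ_SMS"),
    ("ExampleDropper", "hasAnalysis", "dynamic-run-001"),
    ("dynamic-run-001", "isA", "DynamicAnalysis"),
]

class TripleStore:
    """Minimal store of (head, relation, tail) triples that can keep growing."""

    def __init__(self, triples=()):
        self.by_head = defaultdict(set)  # head -> {(relation, tail), ...}
        self.add(triples)

    def add(self, triples):
        # New triples from further CTI reports extend the graph in place.
        for head, relation, tail in triples:
            self.by_head[head].add((relation, tail))

    def objects(self, head, relation):
        """All tail entities linked to `head` through `relation`."""
        return {t for r, t in self.by_head.get(head, ()) if r == relation}

    def instances_of(self, cls):
        """All entities typed as `cls` via the hypothetical 'isA' relation."""
        return {h for h, edges in self.by_head.items() if ("isA", cls) in edges}

    def reachable(self, start, max_hops):
        """Entities reachable from `start` in at most `max_hops` relation steps."""
        seen, queue = {start}, deque([(start, 0)])
        while queue:
            node, depth = queue.popleft()
            if depth == max_hops:
                continue
            for _, tail in self.by_head.get(node, ()):
                if tail not in seen:
                    seen.add(tail)
                    queue.append((tail, depth + 1))
        seen.discard(start)
        return seen

    def infrastructure_used_by(self, malware, max_hops=2):
        """Competency question: which infrastructure resources does this
        malware depend on, directly or through its recorded analysis runs?"""
        return self.reachable(malware, max_hops) & self.instances_of("InfrastructureResource")
```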
