An Ontology Of Suspicious Software Behavior

Gregio; Andre; Bonacin; Rodrigo; de Marchi; Antonio Carlos; Nabuco; Olga Fernanda; de Geus; Paulo Licio

Artículos de revistas

Registro en:

Applied Ontology. Ios Press, v. 11, p. 29 - 49, 2016.

1570-5838

1875-8533

WOS:000373211700002

10.3233/AO-160163

http://content.iospress.com/articles/applied-ontology/ao163

http://repositorio.unicamp.br/jspui/handle/REPOSIP/328014

http://repositorioslatinoamericanos.uchile.cl/handle/2250/1365039

Autor

Gregio

Andre; Bonacin

Rodrigo; de Marchi

Antonio Carlos; Nabuco

Olga Fernanda; de Geus

Paulo Licio

Institución

Universidade Estadual de Campinas (Brasil)

Resumen

Malicious programs have been the main actors in complex, sophisticated attacks against nations, governments, diplomatic agencies, private institutions and people. Knowledge about malicious program behavior forms the basis for constructing more secure information systems. In this article, we introduce MBO, a Malicious Behavior Ontology that represents complex behaviors of suspicious executions, and through inference rules calculates their associated threat level for analytical proposals. We evaluate MBO using over two thousand unique known malware and 385 unique known benign software. Results highlight the representativeness of the MBO for expressing typical malicious activities.

Materias

Security Ontology

Malware Behavior

Threat Analysis

Mostrar el registro completo del ítem