IT2FS-based ontology with soft-computing mechanism for malware behavior analysis

Soft Computing, Methodologies and Application

Abstract

Antimalware applications are one of the most important research topics in the area of cyber security threats. Because attackers continuously develop novel techniques to intrude into computer systems for various reasons, security researchers must analyze and track new malicious programs to protect the sensitive and valuable information held by an organization. In this paper, we propose a novel soft-computing mechanism based on an ontology model for malware behavioral analysis: Malware Analysis Network in Taiwan (MAN in Taiwan, MiT). The core techniques of MiT consist of two parts: (1) collecting network-connection, registry, and memory logs from the operating system in a physical-virtual hybrid analysis environment, so that more unknown malicious behavior information can be captured and extracted. The important information is then extracted to construct the ontology model using the Web Ontology Language and Fuzzy Markup Language. MiT is also able to automatically provide and share samples and reports via a cloud storage mechanism; (2) applying Interval Type-2 Fuzzy Set techniques to construct the malware analysis domain knowledge, namely the Interval Type-2 Fuzzy Malware Ontology (IT2FMO), for malware behavior analysis. Simulation results show that the proposed approach can effectively perform malware behavior analysis, and the constructed system has also been released under the GNU General Public License version 3. In the future, the system is expected to collect and analyze malware samples at scale so that industry and universities can build related applications on the established IT2FMO.
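The IT2FS step described above, as an added example that is not part of the paper or of the MiT code: the behaviour feature names, the membership functions, the single rule and the sample counts are all assumptions. It shows why an interval type-2 grade is useful for a behavioural verdict: the footprint of uncertainty lets a sample land in a "suspicious" band instead of being forced to one side of a threshold.

```python
"""Interval type-2 fuzzy (IT2FS) scoring of sandbox behaviour features.

Constructed illustration of the IT2FS idea in the abstract, not MiT's code:
feature names, membership shapes, thresholds and counts are assumptions.
"""

def ramp(x, a, b):
    """Rising shoulder: 0 at or below a, 1 at or above b, linear between."""
    if x <= a:
        return 0.0
    if x >= b:
        return 1.0
    return (x - a) / (b - a)

def it2_grade(x, umf, lmf, lmf_height):
    """Membership in an interval type-2 'High' set is an interval
    [lower, upper]: the upper membership function (UMF) and the lower one
    (LMF, scaled to lmf_height) bound a footprint of uncertainty."""
    return (lmf_height * ramp(x, *lmf), ramp(x, *umf))

# Assumed IT2 'High' sets for the three behaviour sources MiT logs:
# (UMF ramp, LMF ramp, LMF height).  Each LMF ramp lies inside its UMF ramp.
HIGH = {
    "registry_writes":      ((2, 10), (4, 12), 0.9),
    "outbound_connections": ((1, 5), (2, 6), 0.9),
    "memory_injections":    ((0, 2), (0, 3), 0.8),
}

def firing_interval(features):
    """One rule: IF every behaviour is High THEN malicious.  The fuzzy AND
    (meet) takes the min of the lower grades and the min of the upper ones,
    so the rule fires with an interval rather than a single strength."""
    grades = [it2_grade(features[n], *HIGH[n]) for n in HIGH]
    return (min(g[0] for g in grades), min(g[1] for g in grades))

def classify(features, threshold=0.5):
    """Interval-aware verdict: a firing interval that straddles the threshold
    is reported as 'suspicious' for analyst review instead of being forced
    to one side, which a single type-1 score would do."""
    low, high = firing_interval(features)
    if low >= threshold:
        return "malicious"
    if high >= threshold:
        return "suspicious"
    return "benign"

# Constructed counts from one sandbox run: 6 registry writes, 3 outbound
# connections, 1 memory injection.  Fires with the interval (0.225, 0.5).
SAMPLE = {"registry_writes": 6, "outbound_connections": 3, "memory_injections": 1}
```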



Acknowledgments

The authors would like to thank the National Science Council in Taiwan for its financial support under grant NSC 101-2221-E-024-025. The authors also would like to thank the Dept. of Information and Learning Technology, National University of Tainan in Taiwan, National Cheng Kung University in Taiwan, and Acer eDC company in Taiwan for their kind support of the open source research project MiT.


Correspondence to Chang-Shing Lee.

Additional information

Communicated by G. Acampora.

Cite this article

Huang, HD., Lee, CS., Wang, MH. et al. IT2FS-based ontology with soft-computing mechanism for malware behavior analysis. Soft Comput 18, 267–284 (2014). https://doi.org/10.1007/s00500-013-1056-0
