TWMAN+: A type-2 fuzzy ontology model for malware behavior analysis

Hsien De Huang, Chang Shing Lee, Hani Hagras, Hung-Yu Kao

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Citations (Scopus)

Abstract

Classical ontology is not sufficient to deal with vague or imprecise knowledge for real world applications such as malware behavioral analysis. In addition, malware has grown into a pressing problem for governments and commercial organizations. Anti-malware applications represent one of the most important research topics in the area of information security threat. As a countermeasure, enhanced systems for analyzing the behavior of malware are needed in order to predict malicious actions and minimize computer damages. Many researchers use Virtual Machine (VM) systems to monitor malware behavior, but there are many Anti-VM techniques which are used to counteract the collection, analysis, and reverse engineering features of the VM based malware analysis platform. Therefore, malware researchers are likely to obtain inaccurate analysis from the VM based approach. For this reason, we have developed the Taiwan Malware Analysis Net (TWMAN) which uses a real operating system environment to improve the accuracy of malware behavior analysis and has integrated Type-1 Fuzzy Set (T1FS), Ontology, and Fuzzy Markup Language (FML) in 2010. In this paper, we use Interval Type-2 Fuzzy Set (IT2FS), eggdrop, and glftpd as a cloud service (software as a service) on the Google App Engine along with Python and Android. We believe this system can help improve the correctness of malware analysis results and reduce the rate of malware misdiagnosis.

Original language: English
Title of host publication: Proceedings 2012 IEEE International Conference on Systems, Man, and Cybernetics, SMC 2012
Pages: 2821-2826
Number of pages: 6
DOIs: https://doi.org/10.1109/ICSMC.2012.6378176
Publication status: Published - 2012 Dec 1
Event: 2012 IEEE International Conference on Systems, Man, and Cybernetics, SMC 2012 - Seoul, Korea, Republic of
Duration: 2012 Oct 14 to 2012 Oct 17

Publication series

Name: Conference Proceedings - IEEE International Conference on Systems, Man and Cybernetics
ISSN (Print): 1062-922X

Other

Other: 2012 IEEE International Conference on Systems, Man, and Cybernetics, SMC 2012
Country: Korea, Republic of
City: Seoul
Period: 12-10-14 to 12-10-17

Fingerprint

Ontology
Fuzzy sets
Malware
Computer monitors
Markup languages
Reverse engineering
Computer operating systems
Security of data
Application programs
Computer systems
Engines
Virtual machine

All Science Journal Classification (ASJC) codes

  • Electrical and Electronic Engineering
  • Control and Systems Engineering
  • Human-Computer Interaction

Cite this

Huang, H. D., Lee, C. S., Hagras, H., & Kao, H-Y. (2012). TWMAN+: A type-2 fuzzy ontology model for malware behavior analysis. In Proceedings 2012 IEEE International Conference on Systems, Man, and Cybernetics, SMC 2012 (pp. 2821-2826). [6378176] (Conference Proceedings - IEEE International Conference on Systems, Man and Cybernetics). https://doi.org/10.1109/ICSMC.2012.6378176
@inproceedings{ba88b3ef0a3a40669c06b62103d130b8,
title = "TWMAN+: A type-2 fuzzy ontology model for malware behavior analysis",
author = "Huang, {Hsien De} and Lee, {Chang Shing} and Hani Hagras and Hung-Yu Kao",
year = "2012",
month = "12",
day = "1",
doi = "10.1109/ICSMC.2012.6378176",
language = "English",
isbn = "9781467317146",
series = "Conference Proceedings - IEEE International Conference on Systems, Man and Cybernetics",
pages = "2821--2826",
booktitle = "Proceedings 2012 IEEE International Conference on Systems, Man, and Cybernetics, SMC 2012",

}
