Malware investigation using semantic technologies

Bibliographic Details
Main Authors: Carvalho, R, Goldsmith, M, Creese, S
Format: Conference item
Published: International Semantic Web Conference, Kobe, Japan, October 17-21, 2016
Description
Summary: Malware investigation is a major issue in fighting cybercrime. Because most of the research in this area comes from commercial companies, there is a greater emphasis on detection than on attribution (i.e., finding the criminal). Regarding this challenge, we believe that semantic technologies could help the human analyst to reveal relationships among the rich dataset of artefacts within the malware ecosystem. Aiming at a better balance between human reasoning skills and computer processing capabilities, we reproduce the rationale described in a relevant malware investigation report from 2015 [8]. Unlike most published reports, its transparent methodology and analysis of competing hypotheses regarding a sample of 52 distinct exploit files made it possible to create the ItCo ontology as a case study. By leveraging domain-specific entities and incremental exporting of axioms, it was possible to reach the same conclusions as the authors. Further on, by adding more samples from another data source to the knowledge base, we were able to find new relationships in a semi-automated, scalable fashion.