Title: Malicious program ontology rule set based on association decision and linear discriminant

Authors: Chenghua Tang; Min Hu; Mengmeng Yang; Baohua Qiang

Addresses: Guangxi Key Laboratory of Trusted Software, Guilin University of Electronic Technology, Guilin, China; Guangxi Key Laboratory of Cryptography and Information Security, Guilin, China; School of Computer Science and Information Security, Guilin University of Electronic Technology, Guilin, China; Strategic Centre for Research in Privacy-Preserving Technologies and Systems, Nanyang Technological University, Singapore; Guangxi Cloud Computing and Big Data Collaborative Innovation Center, Guilin University of Electronic Technology, Guilin, China

Abstract: Building the inference rule set of a malware domain ontology by hand scales poorly and is time-consuming. To address this, an automatic generation method for malware ontology rule sets is proposed. We extract the behaviour characteristics of malicious programs by defining a formal extended description method based on the API calls of malicious programs combined with the frequency of API functions. Using association rules and decision trees, these behaviour characteristics are mined into a fine-grained, redefined rule set for malicious program categories, and the rule set is semantically transformed into the SWRL rule language. In addition, coarse-grained classification of program behaviour rules is implemented with the Fisher linear discriminant algorithm. The method generates malware ontology rules at 10.08 rules per second, and the inference detection rate on unknown samples reaches 89.92%.

Keywords: malicious programs; behaviour ontology; SWRL rule set; API functions; behaviour characteristics.
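To make the abstract's pipeline concrete, the following is an added illustration, not code from the paper or its authors: it binarises API-call-frequency features, mines association rules of the form "API items -> category" with support and confidence thresholds, emits each rule in SWRL syntax, and applies the rule set to an unknown sample. The sample corpus, the category labels (Injector, Downloader, Benign), the frequency threshold of 10 calls and the ontology property names callsAPI / frequentlyCallsAPI are all constructed assumptions; the paper's decision-tree refinement and Fisher discriminant step are not reproduced here.

```python
"""Association-rule mining over API-call frequencies, emitted as SWRL rules.

Added example (not the paper's code). All sample data below is constructed.
"""
from collections import Counter
from itertools import combinations

# Constructed corpus: (sample id, category label, {API name: call count}).
# Labels and API profiles are illustrative only.
SAMPLES = [
    ("s1", "Injector", {"OpenProcess": 3, "VirtualAllocEx": 2, "WriteProcessMemory": 2, "CreateRemoteThread": 1}),
    ("s2", "Injector", {"OpenProcess": 5, "VirtualAllocEx": 4, "WriteProcessMemory": 4, "CreateRemoteThread": 2, "RegSetValueExA": 1}),
    ("s3", "Injector", {"OpenProcess": 1, "WriteProcessMemory": 1, "CreateRemoteThread": 1, "Sleep": 9}),
    ("s4", "Downloader", {"InternetOpenA": 1, "InternetOpenUrlA": 4, "InternetReadFile": 40, "CreateFileA": 2, "WriteFile": 40}),
    ("s5", "Downloader", {"URLDownloadToFileA": 2, "CreateFileA": 2, "WriteFile": 30, "WinExec": 1}),
    ("s6", "Downloader", {"InternetOpenA": 1, "InternetOpenUrlA": 1, "InternetReadFile": 12, "CreateFileA": 1, "WriteFile": 12, "CreateProcessA": 1}),
    ("s7", "Benign", {"CreateFileA": 6, "ReadFile": 20, "WriteFile": 3, "Sleep": 2, "OpenProcess": 1}),
    ("s8", "Benign", {"CreateFileA": 2, "ReadFile": 5, "RegQueryValueExA": 4, "Sleep": 1}),
]


def features(counts, high=10):
    """Binarise raw counts: 'calls:X' if X is called at all, 'freq:X' if called >= high times.

    The threshold `high` is an assumed parameter, not a value from the paper.
    """
    items = set()
    for api, n in counts.items():
        items.add(f"calls:{api}")
        if n >= high:
            items.add(f"freq:{api}")
    return items


def mine_rules(samples, min_support=0.25, min_confidence=1.0, max_len=2):
    """Return rules (body_items, label, support, confidence) with body length <= max_len.

    support    = fraction of all samples whose feature set contains the body
    confidence = fraction of those samples that carry the label
    Bodies that extend a body already accepted with confidence 1.0 are pruned,
    because the longer rule can never fire on a sample the shorter one misses.
    """
    n = len(samples)
    transactions = [(label, features(counts)) for _, label, counts in samples]
    all_items = sorted(set().union(*(f for _, f in transactions)))
    rules = []
    for k in range(1, max_len + 1):
        for combo in combinations(all_items, k):
            body = set(combo)
            if any(set(b) <= body for b, _, _, conf in rules if conf == 1.0):
                continue
            matched = [label for label, f in transactions if body <= f]
            support = len(matched) / n
            if support < min_support:
                continue
            for label, cnt in Counter(matched).items():
                confidence = cnt / len(matched)
                if confidence >= min_confidence:
                    rules.append((combo, label, support, confidence))
    return rules


def to_swrl(rule, ns="mal"):
    """Render one mined rule as a SWRL rule over an assumed ontology vocabulary."""
    body, label, _, _ = rule
    atoms = ["Program(?p)"]
    for item in body:
        kind, api = item.split(":", 1)
        prop = "callsAPI" if kind == "calls" else "frequentlyCallsAPI"
        atoms.append(f"{prop}(?p, {ns}:{api})")
    return " ^ ".join(atoms) + f" -> {label}(?p)"


def classify(rules, counts):
    """Forward-chain the rule set over an unknown sample; return every category that fires."""
    f = features(counts)
    return sorted({label for body, label, _, _ in rules if set(body) <= f})


if __name__ == "__main__":
    rule_set = mine_rules(SAMPLES)
    for r in rule_set:
        print(f"support={r[2]:.3f} conf={r[3]:.2f}  {to_swrl(r)}")
    # Constructed unknown sample that shares the injection API pattern.
    unknown = {"OpenProcess": 2, "VirtualAllocEx": 1, "WriteProcessMemory": 1, "CreateRemoteThread": 1, "Sleep": 3}
    print("unknown ->", classify(rule_set, unknown))
```

On this toy corpus the miner also accepts "calls:Sleep ^ calls:CreateFileA -> Benign", a rule supported by only two samples. That is the practical caveat of the approach: the support threshold must be set against a corpus large enough that spurious co-occurrences fall below it, and the authors' decision-tree refinement and coarse-grained discriminant are what keep such rules from dominating the ontology.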

DOI: 10.1504/IJESDF.2024.137019

International Journal of Electronic Security and Digital Forensics, 2024 Vol.16 No.2, pp.135 - 159

Received: 31 Aug 2022
Accepted: 15 Nov 2022

Published online: 01 Mar 2024
