
Semantic Data Representation for Explainable Windows Malware Detection Models (2403.11669v1)

Published 18 Mar 2024 in cs.CR

Abstract: Ontologies are a standard tool for creating semantic schemata in many knowledge-intensive domains of human interest. They are also becoming increasingly important in areas that until very recently were dominated by subsymbolic knowledge representation and machine-learning (ML) based data processing. One such area is information security, and specifically malware detection. We thus propose the PE Malware Ontology, which offers a reusable semantic schema for Portable Executable (PE, the Windows binary format) malware files. This ontology is inspired by the structure of the EMBER dataset, which focuses on the static malware analysis of PE files. With this proposal, we hope to provide a unified semantic representation for existing and future PE-malware datasets and to facilitate the application of symbolic, neuro-symbolic, or otherwise explainable approaches in the PE-malware-detection domain, which may produce interpretable results described in the terms defined by our ontology. In addition, we also publish semantically treated EMBER data, including fractional datasets, to support the reproducibility of experiments on EMBER. We supplement our work with a preliminary case study, conducted using concept learning, to show the general feasibility of our approach. While we were not able to match the precision of the state-of-the-art ML tools, the learned malware discriminators were interesting and highly interpretable.
