• DocumentCode
    2474627
  • Title

    TWMAN+: A Type-2 fuzzy ontology model for malware behavior analysis

  • Author

    Huang, Hsien-De ; Lee, Chang-Shing ; Hagras, Hani ; Kao, Hung-Yu

  • Author_Institution
    Dept. Comput. Sci. & Inf. Eng., Nat. Cheng Kung Univ., Tainan, Taiwan
  • fYear
    2012
  • fDate
    14-17 Oct. 2012
  • Firstpage
    2821
  • Lastpage
    2826
  • Abstract
    Classical ontology is not sufficient to deal with vague or imprecise knowledge for real world applications such as malware behavioral analysis. In addition, malware has grown into a pressing problem for governments and commercial organizations. Anti-malware applications represent one of the most important research topics in the area of information security threat. As a countermeasure, enhanced systems for analyzing the behavior of malware are needed in order to predict malicious actions and minimize computer damages. Many researchers use Virtual Machine (VM) systems to monitor malware behavior, but there are many Anti-VM techniques which are used to counteract the collection, analysis, and reverse engineering features of the VM-based malware analysis platform. Therefore, malware researchers are likely to obtain inaccurate analysis from the VM-based approach. For this reason, we have developed the Taiwan Malware Analysis Net (TWMAN) which uses a real operating system environment to improve the accuracy of malware behavior analysis and has integrated Type-1 Fuzzy Set (T1FS), Ontology, and Fuzzy Markup Language (FML) in 2010. In this paper, we use Interval Type-2 Fuzzy Set (IT2FS), eggdrop, and glftpd as a cloud service (software as a service) on the Google App Engine along with Python and Android. We believe this system can help improve the correctness of malware analysis results and reduce the rate of malware misdiagnosis.
  • Keywords
    cloud computing; fuzzy set theory; invasive software; ontologies (artificial intelligence); virtual machines; Android; FML; Google App engine; IT2FS; Python; T1FS; TWMAN+; Taiwan Malware Analysis Net; VM based approach; cloud service; commercial organizations; computer damages minimization; eggdrop; fuzzy markup language; glftpd; governments; information security threat; interval type-2 fuzzy set; malicious actions prediction; malware behavior analysis; real operating system environment; real world applications; reverse engineering features; software as a service; type-1 fuzzy set; type-2 fuzzy ontology model; virtual machine systems; Computational modeling; Computer architecture; Educational institutions; Engines; Malware; Ontologies; Uncertainty; fuzzy ontology; interval type-2 fuzzy set; malware behavioral analysis; ontology;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Systems, Man, and Cybernetics (SMC), 2012 IEEE International Conference on
  • Conference_Location
    Seoul
  • Print_ISBN
    978-1-4673-1713-9
  • Electronic_ISBN
    978-1-4673-1712-2
  • Type

    conf

  • DOI
    10.1109/ICSMC.2012.6378176
  • Filename
    6378176