Highlights
• Describes interoperability issues in an ontology engineering process.
• Presents the design of a cross domain large ontology.
• Presents experiences of using the ontology in an information recovery scenario.
The ubiquity of Internet-connected devices motivates attackers to create malicious programs (malware) to exploit users and their systems. Malware detection requires a deep understanding of their possible behaviors, one that is detailed enough to tell apart suspicious programs from benign, legitimate ones. A step to effectively address the malware problem leans toward the development of an ontology. Current efforts are based on an obsolete hierarchy of malware classes that defines a malware family by one single prevalent behavior (e.g., viruses infect other files, worms spread and exploit remote systems autonomously, Trojan horses disguise themselves as benign programs, and so on). In order to address the detection of modern, complex malware families whose infections involve sets of multiple exploit methods, we need an ontology broad enough to deal with these suspicious activities performed on the victim's system. In this paper, we propose a core model for a novel malware ontology that is based on their exhibited behavior, filling a gap in the field.
Malicious programs have been the main actors in complex, sophisticated attacks against nations, governments, diplomatic agencies, private institutions and people. Knowledge about malicious program behavior forms the basis for constructing more secure information systems. In this article, we introduce MBO, a Malicious Behavior Ontology that represents complex behaviors of suspicious executions, and through inference rules calculates their associated threat level for analytical proposals. We evaluate MBO using over two thousand unique known malware and 385 unique known benign software. Results highlight the representativeness of the MBO for expressing typical malicious activities.
Failures during web service execution may depend on a wide variety of causes, such as network faults, server crashes, or application-related errors, such as unavailability of a requested web service, errors in the orchestration of choreography of applications, missing data or parameters in an execution flow, or low Quality of Service (QoS). In this paper, we propose a healing architecture able to handle web service faults in a self-healing way, discussing infrastructural faults and web service and Web application faults. The self-healing architecture manages repair actions, such as substitution of a faulty service or duplication of overloaded services. Implemented prototypes involving QoS in coordinated web services are illustrated and discussed.