A Formal Concept Analysis approach to hierarchical description of malware threats

Data mining
Formal concept analysis
Imprecise information
Machine learning
Pattern recognition
Text mining
Authors

Manuel Ojeda Hernández

Domingo López-Rodríguez

Ángel Mora

Published

1 September 2024

Publication details

Forensic Science International: Digital Investigation, vol. 50, article 301797.

Abstract

The problem of intelligent malware detection has become increasingly relevant in the industry, as there has been an explosion in the diversity of threats and attacks that affect not only small users, but also large organisations and governments. One of the problems in this field is the lack of homogenisation or standardisation in the nomenclature used by different antivirus programs for different malware threats. The lack of a clear definition of what a category is and how it relates to individual threats makes it difficult to share data and extract common information from multiple antivirus programs. Therefore, efforts to create a common naming convention and hierarchy for malware are important to improve collaboration and information sharing in this field. Our approach uses as a tool the methods of Formal Concept Analysis (FCA) to model and attempt to solve this problem. FCA is an algebraic framework able to discover useful knowledge in the form of a concept lattice and implications relating to the detection and diagnosis of suspicious files and threats. The knowledge extracted using this mathematical tool illustrates how formal methods can help prevent new threats and attacks. We will show the results of applying the proposed methodology to the identification of hierarchical relationships between malware.

Citation

Please, cite this work as:

[OLM24] M. Ojeda-Hernández, D. López-Rodríguez, and Á. Mora. “A Formal Concept Analysis approach to hierarchical description of malware threats”. In: Forensic Science International: Digital Investigation 50 (2024), p. 301797. ISSN: 2666-2817. DOI: https://doi.org/10.1016/j.fsidi.2024.301797. URL: https://www.sciencedirect.com/science/article/pii/S2666281724001215.

@article{OJEDAHERNANDEZ2024301797,
    title = {A Formal Concept Analysis approach to hierarchical description of malware threats},
    journal = {Forensic Science International: Digital Investigation},
    volume = {50},
    pages = {301797},
    year = {2024},
    issn = {2666-2817},
    doi = {https://doi.org/10.1016/j.fsidi.2024.301797},
    url = {https://www.sciencedirect.com/science/article/pii/S2666281724001215},
    author = {Manuel Ojeda-Hernández and Domingo López-Rodríguez and Ángel Mora},
    keywords = {Formal Concept Analysis, Hierarchy, Malware classification},
    abstract = {The problem of intelligent malware detection has become increasingly relevant in the industry, as there has been an explosion in the diversity of threats and attacks that affect not only small users, but also large organisations and governments. One of the problems in this field is the lack of homogenisation or standardisation in the nomenclature used by different antivirus programs for different malware threats. The lack of a clear definition of what a category is and how it relates to individual threats makes it difficult to share data and extract common information from multiple antivirus programs. Therefore, efforts to create a common naming convention and hierarchy for malware are important to improve collaboration and information sharing in this field. Our approach uses as a tool the methods of Formal Concept Analysis (FCA) to model and attempt to solve this problem. FCA is an algebraic framework able to discover useful knowledge in the form of a concept lattice and implications relating to the detection and diagnosis of suspicious files and threats. The knowledge extracted using this mathematical tool illustrates how formal methods can help prevent new threats and attacks. We will show the results of applying the proposed methodology to the identification of hierarchical relationships between malware.}
}

Bibliometric data

The following data has been extracted from resources such as OpenAlex, Dimensions, PlumX or Altmetric.

Papers citing this work

The following is a non-exhaustive list of papers that cite this work:

  1. Domingo López-Rodríguez, Manuel Ojeda-Hernández, Tim Pattison (2025). Systems of implications obtained using the Carve decomposition of a formal context. Knowledge-Based Systems.
  2. M. Eugenia Cornejo, Jesús Medina, F. Ocaña (2025). Theories, models and bases of attribute implications in multi-adjoint concept lattices with hedges. Computational and Applied Mathematics.
  3. S. B. Chandini, A. B. Rajendra, Vinayakumar Ravi, et al. (2025). Efficient hybrid feature selection using intrinsic and metaheuristic optimization algorithm and classification of malware using ensemble learning algorithm. Cluster Computing.
  4. Dominika Kotlárová, Pavol Sokol, Ondrej Krídlo, et al. (2025). Formal Concept Analysis as a Framework for Cyber Situational Awareness.