Soft Computing

, Volume 18, Issue 2, pp 267–284 | Cite as

IT2FS-based ontology with soft-computing mechanism for malware behavior analysis

  • Hsien-De Huang
  • Chang-Shing Lee
  • Mei-Hui Wang
  • Hung-Yu Kao
Methodologies and Application


Antimalware application is one of the most important research issues in the area of cyber security threat. Nowadays, because hackers continuously develop novel techniques to intrude into computer systems for various reasons, many security researchers should analyze and track new malicious program to protect sensitive and valuable information in the organization. In this paper, we propose a novel soft-computing mechanism based on the ontology model for malware behavioral analysis: Malware Analysis Network in Taiwan (MAN in Taiwan, MiT). The core techniques of MiT contain two parts listed as follows: (1) collect the logs of network connection, registry, and memory from the operation system on the physical-virtual hybrid analysis environment to get and extract more unknown malicious behavior information. The important information is then extracted to construct the ontology model by using the Web Ontology Language and Fuzzy Markup Language. Additionally, MiT is also able to automatically provide and share samples and reports via the cloud storage mechanism; (2) apply the techniques of Interval Type-2 Fuzzy Set to construct the malware analysis domain knowledge, namely the Interval Type-2 Fuzzy Malware Ontology (IT2FMO), for malware behavior analysis. Simulation results show that the proposed approach can effectively execute the malware behavior analysis, and the constructed system has also released under GNU General Public License version 3. In the future, the system is expected to largely collect and analyze malware samples for providing industries or universities to do related applications via the established IT2FMO.


Malware behavioral analysis Type-2 fuzzy set Ontology Fuzzy markup language Soft computing 



The authors would like to thank National Science Council in Taiwan for its financial support under the grant NSC 101-2221-E-024-025. The authors also would like to thank Dept. Information and Learning Technology, National University of Tainan in Taiwan, National Cheng Kung University in Taiwan, and Acer eDC company in Taiwan for their kindly support with the Open Source research project MiT.


  1. Acampora G, Loia V (2005) Fuzzy control interoperability and scalability for adaptive domotic framework. IEEE Trans Indus Inf 1(2):97–111CrossRefGoogle Scholar
  2. Acampora G, Loia V (2007) A proposal of an open ubiquitous fuzzy computing system for ambient intelligence. Comput Intell Agent-based Syst 72:1–27CrossRefGoogle Scholar
  3. Acampora G, Lee CS, Vitiello A, Wang MH (2012) Evaluating cardiac health through semantic soft computing techniques. Soft Comput 16(7):1165–1181Google Scholar
  4. Bobillo F, Straccia U (2010) Representing fuzzy ontologies in OWL 2. In: 2010 IEEE World Congress on Computational Intelligence IEEE WCCI 2010, Barcelona, Spain, Jul 18–23, 2010Google Scholar
  5. Carlsson C, Brunelli M, Mezei J (2012) Decision making with a fuzzy ontology. Soft Comput 16(7):1143–1152Google Scholar
  6. Castillo O, Melin P, Alanis A, Montiel O, Sepulveda R (2011) Optimization of interval type-2 fuzzy logic controllers using evolutionary algorithms. Soft Comput 15(6):1145–1160Google Scholar
  7. Dai SY, Fyodor Y, Kuo SY, Wu MW, Huang Y (2011) Malware profiler based on innovative behavior-awareness technique. In: 2011 IEEE 17th pacific rim international symposium on dependable computing (PRDC2011), Pasadena, California, USA, Dec 12–14, 2011Google Scholar
  8. Dai SY, Fyodor Y, Wu MW, Huang Y, Kuo SY (2012) Holography: a behavior-based profiler for malware analysis. J Softw Practice Experience 42:1107–1136CrossRefGoogle Scholar
  9. De Maio C, Fenza G, Furno D, Loia V, Senatore S (2012) OWL-FC: an upper ontology for semantic modeling of fuzzy control. Soft Comput 16(7):1153–1164Google Scholar
  10. Hagras H (2004) A hierarchical type-2 fuzzy logic control architecture for autonomous mobile robots. IEEE Trans Fuzzy Syst 12(4):524–539CrossRefGoogle Scholar
  11. Hagras H (2007) Type-2 FLCs: a new generation of fuzzy controllers. IEEE Comput Intell Mag 2(1):30–43CrossRefGoogle Scholar
  12. Hagras H, Wagner C (2012) Towards the widespread use of type-2 fuzzy logic systems in read world applications. IEEE Comput Intell Mag 7(3):14–24Google Scholar
  13. Ho SH, Yang CL, Chen CY, Hsu CY, Chang YK (2009) An intelligent-mamdani inference scheme for healthcare applications based on fuzzy markup language. In: 2009 10th international symposium on pervasive systems, algorithms, and networks (ISPAN2009), Kaohsiung, Taiwan, Dec 14–16, 2009Google Scholar
  14. Huang HD, Chuang TY, Tsai YL, CS Lee (2010) Ontology-based intelligent system for malware behavioral analysis. In: 2010 IEEE world congress on computational intelligence (IEEE WCCI 2010), Barcelona, Spain, Jul 18–23, 2010Google Scholar
  15. Huang HD, Lee CS, Kao HY, Tsai YL, Chang JG (2011) Malware behavioral analysis system: TWMAN. In: 2011 IEEE symposium on computational intelligence for intelligent agent (IEEE SSCI 2011), Paris, France, Apr 11–15, 2011Google Scholar
  16. Huang HD, Acampora G, Loia V, Lee CS, Kao HY (2011) Applying FML and fuzzy ontologies to malware behavioral analysis. In: 2011 IEEE international conference on fuzzy systems (FUZZ-IEEE 2011), Taipei, Taiwan, Jun 27–30, 2011Google Scholar
  17. Huang HD, Lee CS, Hagras H, Kao HY (2012a) TWMAN+: A Type-2 fuzzy ontology model for malware behavior analysis. In: 2012 IEEE international conference on systems, man, and cybernetics (IEEE SMC 2012). COEX, Seoul, Korea, Oct 14–17, 2012Google Scholar
  18. Huang HD, Acampora G, Loia V, Lee CS, Hagras H, Wang MH, Kao HY, Chang JG (2012b) Fuzzy markup language for malware behavioral analysis. In: Acampora G, Lee CS, Wang MH, Loia V (eds) On the power of Fuzzy Markup Language. Springer, Germany, pp 113–131Google Scholar
  19. Inoue D, Yoshioka K, Eto M, Hoshizawa Y, Nakao K (2008) Malware behavior analysis in isolated miniature network for revealing malware’s network activity. In: IEEE International Conference on Communications (ICC 2008), Beijing, China, May 19–23, 2008Google Scholar
  20. Lau RYK, Dawei S, Yuefeng L, Cheung TCH, Jin-Xing H (2009) Toward a fuzzy domain ontology extraction method for adaptive e-learning. IEEE Trans Knowl Data Eng 21(6):800–813CrossRefGoogle Scholar
  21. Lee CS, Wang MH (2009) Ontology-based computational intelligent multi-agent and its application to CMMI assessment. Appl Intell 30(3):203–219CrossRefGoogle Scholar
  22. Lee CS, Jian ZW, Huang LK (2005) A fuzzy ontology and its application to news summarization. IEEE Trans Syst Man Cybern B Cybern 35(5):859–880CrossRefGoogle Scholar
  23. Lee CS, Wang MH, Hagras H (2010a) A Type-2 fuzzy ontology and its application to personal diabetic-diet recommendation. IEEE Trans Fuzzy Syst 18(2):374–395Google Scholar
  24. Lee CS, Wang MH, Acampora G, Hsu CY, Hagras H (2010b) Diet assessment based on type-2 fuzzy ontology and fuzzy markup language. Int J Intell Syst 25(12):1187–1216CrossRefGoogle Scholar
  25. Mendel JM (2001) Uncertain rule-based fuzzy logic systems: introduction and new directions. Prentice Hall, Upper Saddle RiverGoogle Scholar
  26. Mendel JM (2007) Type-2 fuzzy sets and systems:an overview. IEEE Computational Intelligence Maganine 2:20–29Google Scholar
  27. Mendel JM, John RI, Liu F (2006) Interval type-2 fuzzy logic systems made simple. IEEE Trans Fuzzy Syst 14(6):808–821CrossRefGoogle Scholar
  28. Orriols-Puig A, Casillas J (2011) Fuzzy knowledge representation study for incremental learning in data streams and classification problems. Soft Comput 15(12):2389–2414Google Scholar
  29. Quan TT, Siu CH, Fong ACM, Tru HC (2006) Automatic fuzzy ontology generation for semantic web. IEEE Trans Knowl Data Eng 18(6):842–856CrossRefGoogle Scholar
  30. Sahab N, Hagras H (2011) Adaptive non-singleton Type-2 fuzzy logic systems: a way forward for handling numerical uncertainties in real world applications. Int J Comput Commun Control 6(3):503–529Google Scholar
  31. Sanchez FG, Bejar RM, Contreras L, Breis JTF, Nieves DC (2006) An ontology-based intelligent system for recruitment. Expert Syst Appl 31(2):248–263CrossRefGoogle Scholar
  32. Sun MK, Lin MJ, Chang M, Laih CS, Lin HT (2011) Malware virtualization-resistant behavior detection. In: 2011 IEEE 17th international conference on parallel and distributed systems (ICPADS 2011), Tainan, Taiwan, Dec 7–9Google Scholar
  33. Valiente MC, Garcia-Barriocanal E, Sicilia MA (2012) Applying ontology-based models for supporting integrated software development and it service management processes. IEEE Trans Syst Man Cybern Part C Appl Rev 42(1):61–74CrossRefGoogle Scholar
  34. Wagener G, State R, Dulaunoy A (2008) Malware behaviour analysis. J Comput Virol 4(4):279–287CrossRefGoogle Scholar
  35. Wang MH, Lee CS, Hsieh KL, Hsu CY, Chang CC (2009) Intelligent ontological multi-agent for healthy diet planning. In: 2009 IEEE international conference on fuzzy system (FUZZ-IEEE 2009), Jeju Island, Korea, Aug 20–24Google Scholar
  36. Wu D (2012) On the fundamental differences between Type-1 and interval Type-2 fuzzy logic controllers. IEEE Trans Fuzzy Syst 20(5):832–848CrossRefGoogle Scholar
  37. Yao B, Hagras H, Ghazzawi DA, Alhaddad MJ (2012) An interval Type-2 fuzzy logic system for human silhouette extraction in dynamic environments. In: 2012 International conference on autonomous and intelligent systems (AIS2012), Aviero, Portugal, Jun 25–27, 2012Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Hsien-De Huang
    • 1
  • Chang-Shing Lee
    • 2
  • Mei-Hui Wang
    • 2
  • Hung-Yu Kao
    • 1
  1. 1.Department of Computer Science and Information EngineeringNational Cheng Kung UniversityTainan CityTaiwan
  2. 2.Department of Computer Science and Information EngineeringNational University of TainanTainan CityTaiwan

Personalised recommendations