Ontological Analysis of MAEC and STIX for Dynamic Malware Analysis
A new paper on arXiv (2605.31199) presents MAECO-Lite, a modular ontology designed to improve dynamic malware analysis. The research identifies ontological mismatches in the existing MAEC and STIX standards, which conflate enduring malware artifacts with runtime events. Using the Unified Foundational Ontology (UFO) as a theoretical lens, the authors show how these conflations obscure important distinctions. The study aims to provide a semantically precise yet practical framework for capturing dynamic malware behavior in cyber threat intelligence.
Key facts
- Paper published on arXiv with ID 2605.31199
- Introduces MAECO-Lite ontology
- Analyzes MAEC and STIX standards
- Uses Unified Foundational Ontology (UFO)
- Identifies conflation of artifacts, dispositions, and runtime events
- Focuses on dynamic malware analysis
- Aims to improve semantic precision in cyber threat intelligence
- arXiv announce type: cross
Entities
Institutions
- arXiv