Automatic Generation of MAEC and STIX Standards for Android Malware Threat Intelligence

• Jungsoo Park,
• Long Nguyen Vu,
• George Bencivengo,
• Souhwan Jung,

Vol. 14, No. 8, August 31, 2020
10.3837/tiis.2020.08.015, Download Paper (Free):

• MAEC
• STIX
• Android Malware
• Cyber Threat Intelligence

Abstract

Due to the increasing number of malicious software (also known as malware), methods for sharing threat information are being studied by various organizations. The Malware Attribute Enumeration and Characterization (MAEC) format of malware is created by analysts, converted to Structured Threat Information Expression (STIX), and distributed by using Trusted Automated eXchange of Indicator Information (TAXII) protocol. Currently, when sharing malware analysis results, analysts have to manually input them into MAEC. Not many analysis results are shared publicly. In this paper, we propose an automated MAEC conversion technique for sharing analysis results of malicious Android applications. Upon continuous research and study of various static and dynamic analysis techniques of Android Applications, we developed a conversion tool by classifying parts that can be converted automatically through MAEC standard analysis, and parts that can be entered manually by analysts. Also using MAEC-to-STIX conversion, we have discovered that the MAEC file can be converted into STIX. Although other researches have been conducted on automatic conversion techniques of MAEC, they were limited to Windows and Linux only. In further verification of the conversion rate, we confirmed that analysts could improve the efficiency of analysis and establish a faster sharing system to cope with various Android malware using our proposed technique.

Statistics

Cite this article