[MAEC] December 14 Working Session Agenda


[MAEC] December 14 Working Session Agenda

Kirillov, Ivan A.

Hi All,

For tomorrow's working session, we'll be discussing the data model around the Malware Instance and specifically how we group and capture various features. I've attached a mindmap that lays out our current thinking on the model and its properties; items in italics are referenced from their corresponding entity, and those in Courier New font and parentheses are simply examples to provide guidance as to the types of data that are captured under the entity.

Key things to consider include:

- Do the organizing categories (e.g., Behavioral Features) for the various features make sense?
- Are there missing types of features and metadata that we need to capture?

Regards,

Ivan Kirillov
MAEC Project
MITRE

Attachment: Malware Instance.png (57K)

Re: [MAEC] December 14 Working Session Agenda

Terry MacDonald
Hi Ivan,

Have you considered using the new CAPEC categories that have been proposed on that mailing list? (included for reference below):

- Engage in Deceptive Interactions
- Abuse Existing Functionality
- Contaminate System Resources
- Inject Unexpected Items
- Use Probabilistic Techniques
- Manipulate Timing and State
- Collect and Analyze Information
- Subvert Access Control

Could it work? I've also attached the mindmap that Drew did...

I can't decide if it would be useful to include in MAEC or not.

Cheers
Terry MacDonald
Cosive

On 14 December 2016 at 10:42, Kirillov, Ivan A. <[hidden email]> wrote:

Hi All,

 

For tomorrow’s working session, we’ll be discussing the data model around the Malware Instance and specifically how we group and capture various features. I’ve attached a mindmap that lays out our current thinking on the model and its properties; items in italics are referenced from their corresponding entity, and those in Courier New font and parentheses are simply examples to provide guidance as to the types of data that are captured under the entity.

 

Key things to consider include:

 

·         Do the organizing categories (e.g., Behavioral Features) for the various features make sense?

·         Are there missing types of features and metadata that we need to capture?

 

Regards,

Ivan Kirillov
MAEC Project

MITRE



Attachment: mechanisms_of_attack.jpg (307K)

Re: [MAEC] December 14 Working Session Agenda

Kirillov, Ivan A.

Hi Terry,

Thanks for the pointer; I hadn't seen the new CAPEC categories yet. On the outset, they seem to be a bit abstract for the types of things that we're capturing, though I could see mappings between MAEC Capabilities and Behaviors and their corresponding (parent?) CAPEC entries.

Regards,

Ivan

From: Terry MacDonald <[hidden email]>
Date: Tuesday, December 13, 2016 at 5:44 PM
To: Ivan Kirillov <[hidden email]>
Cc: maec-discussion-list Malware Attribute Enumeration Discussion <[hidden email]>
Subject: Re: [MAEC] December 14 Working Session Agenda