{"id":"https://openalex.org/W7163068672","doi":"https://doi.org/10.48550/arxiv.2605.31199","title":"MAECO-Lite: Modular Ontology for Dynamic Malware Analysis","display_name":"MAECO-Lite: Modular Ontology for Dynamic Malware Analysis","publication_year":2026,"publication_date":"2026-05-29","ids":{"openalex":"https://openalex.org/W7163068672","doi":"https://doi.org/10.48550/arxiv.2605.31199"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2605.31199","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.31199","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2605.31199","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5116776054","display_name":"Zekeri Adams","orcid":"https://orcid.org/0009-0006-3413-2409"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Adams, Zekeri","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5137514759","display_name":"Peter \u0160vec","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"\u0160vec, Peter","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5137580172","display_name":"J\u00e1n K\u013euka","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"K\u013euka, J\u00e1n","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043987321","display_name":"Roderik Ploszek","orcid":"https://orcid.org/0000-0002-3192-0630"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ploszek, Roderik","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5017721658","display_name":"Monday Onoja","orcid":"https://orcid.org/0000-0003-2119-170X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Onoja, Monday","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5078877757","display_name":"\u0160tefan Balogh","orcid":"https://orcid.org/0000-0003-0634-9476"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Balogh, \u0160tefan","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5058838804","display_name":"Martin Homola","orcid":"https://orcid.org/0000-0001-6384-9771"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Homola, Martin","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":0,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.8402000069618225,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.8402000069618225,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10906","display_name":"AI-based Problem Solving and Planning","score":0.013899999670684338,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.013700000010430813,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7731999754905701},{"id":"https://openalex.org/keywords/ontology","display_name":"Ontology","score":0.7667999863624573},{"id":"https://openalex.org/keywords/conflation","display_name":"Conflation","score":0.5436999797821045},{"id":"https://openalex.org/keywords/immutability","display_name":"Immutability","score":0.38019999861717224},{"id":"https://openalex.org/keywords/semantics","display_name":"Semantics (computer science)","score":0.3756999969482422},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.37400001287460327},{"id":"https://openalex.org/keywords/modular-design","display_name":"Modular design","score":0.3702000081539154},{"id":"https://openalex.org/keywords/ontology-alignment","display_name":"Ontology alignment","score":0.34869998693466187}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8034999966621399},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7731999754905701},{"id":"https://openalex.org/C25810664","wikidata":"https://www.wikidata.org/wiki/Q44325","display_name":"Ontology","level":2,"score":0.7667999863624573},{"id":"https://openalex.org/C130440534","wikidata":"https://www.wikidata.org/wiki/Q14946528","display_name":"Conflation","level":2,"score":0.5436999797821045},{"id":"https://openalex.org/C2776126399","wikidata":"https://www.wikidata.org/wiki/Q3942906","display_name":"Immutability","level":3,"score":0.38019999861717224},{"id":"https://openalex.org/C184337299","wikidata":"https://www.wikidata.org/wiki/Q1437428","display_name":"Semantics (computer science)","level":2,"score":0.3756999969482422},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.37400001287460327},{"id":"https://openalex.org/C101468663","wikidata":"https://www.wikidata.org/wiki/Q1620158","display_name":"Modular design","level":2,"score":0.3702000081539154},{"id":"https://openalex.org/C23123220","wikidata":"https://www.wikidata.org/wiki/Q816826","display_name":"Information retrieval","level":1,"score":0.34880000352859497},{"id":"https://openalex.org/C98893333","wikidata":"https://www.wikidata.org/wiki/Q4339878","display_name":"Ontology alignment","level":4,"score":0.34869998693466187},{"id":"https://openalex.org/C137003198","wikidata":"https://www.wikidata.org/wiki/Q7247296","display_name":"Process ontology","level":3,"score":0.3294999897480011},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.32179999351501465},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.3197999894618988},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3188999891281128},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.30979999899864197},{"id":"https://openalex.org/C2776303644","wikidata":"https://www.wikidata.org/wiki/Q1020499","display_name":"Interfacing","level":2,"score":0.2881999909877777},{"id":"https://openalex.org/C2780801425","wikidata":"https://www.wikidata.org/wiki/Q5164392","display_name":"Construct (python library)","level":2,"score":0.2822999954223633},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.28139999508857727},{"id":"https://openalex.org/C61673122","wikidata":"https://www.wikidata.org/wiki/Q7095059","display_name":"Ontology language","level":3,"score":0.28049999475479126},{"id":"https://openalex.org/C161301231","wikidata":"https://www.wikidata.org/wiki/Q3478658","display_name":"Knowledge representation and reasoning","level":2,"score":0.2766000032424927},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.27239999175071716},{"id":"https://openalex.org/C22550185","wikidata":"https://www.wikidata.org/wiki/Q7095047","display_name":"Ontology-based data integration","level":3,"score":0.266400009393692},{"id":"https://openalex.org/C50971890","wikidata":"https://www.wikidata.org/wiki/Q7635093","display_name":"Suggested Upper Merged Ontology","level":4,"score":0.26330000162124634},{"id":"https://openalex.org/C72634772","wikidata":"https://www.wikidata.org/wiki/Q386824","display_name":"Data integration","level":2,"score":0.2606000006198883},{"id":"https://openalex.org/C94966114","wikidata":"https://www.wikidata.org/wiki/Q29256","display_name":"Black box","level":2,"score":0.2606000006198883}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2605.31199","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.31199","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"Preprint"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2605.31199","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.31199","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.5969259142875671}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Capturing":[0],"dynamic":[1,95,133,168],"malware":[2,33,58,96,134,169],"behavior":[3,135],"in":[4,16,43,72,124],"a":[5,13,83,105,138,156,174,190],"practical":[6,139],"but":[7],"still":[8],"semantically":[9],"precise":[10],"manner":[11],"remains":[12],"significant":[14],"challenge":[15],"cyber":[17],"threat":[18],"intelligence.":[19],"While":[20],"standards":[21,74],"such":[22],"as":[23,104],"MAEC":[24,89,125],"and":[25,35,90,121,126,163,184,196,227],"STIX":[26,91,127],"provide":[27],"widely":[28],"adopted":[29],"vocabularies":[30],"for":[31,75,167],"describing":[32],"artifacts":[34,59],"observations,":[36],"they":[37,53],"represent":[38,161],"data":[39,162],"with":[40,60],"considerable":[41],"complexity":[42],"structures":[44],"that":[45,69,128,209,218],"often":[46],"obscure":[47],"important":[48],"ontological":[49,85,112],"distinctions.":[50],"In":[51,78],"particular,":[52],"tend":[54],"to":[55,94,144,160],"conflate":[56],"enduring":[57,194],"the":[61,116,142,210],"events":[62,123],"generated":[63],"during":[64],"execution,":[65],"thereby":[66],"flattening":[67],"distinctions":[68],"are":[70],"central":[71],"foundational":[73,84],"ontology":[76,158,172,212],"design.":[77],"this":[79],"paper,":[80],"we":[81,153],"conduct":[82],"analysis":[86,97,109],"of":[87,118,132],"core":[88],"constructs":[92],"relevant":[93],"relying":[98],"on":[99,150,178],"Unified":[100],"Foundational":[101],"Ontology":[102],"(UFO)":[103],"theoretical":[106],"lens.":[107],"Our":[108],"reveals":[110],"some":[111],"mismatches":[113],"arising":[114],"from":[115,137],"conflation":[117],"artifacts,":[119,183],"dispositions,":[120],"runtime":[122,197],"complicate":[129],"coherent":[130],"representation":[131],"and,":[136],"perspective,":[140],"limit":[141],"ability":[143],"reason":[145],"about":[146],"execution":[147],"traces.":[148],"Based":[149],"these":[151],"insights,":[152],"propose":[154],"MAECO-Lite,":[155],"lightweight":[157],"designed":[159],"operationalize":[164],"their":[165],"processing":[166],"analysis.":[170],"The":[171],"adopts":[173],"modular":[175],"structure":[176],"centered":[177],"samples,":[179],"processes,":[180],"actions,":[181],"system":[182],"MITRE":[185],"ATT&amp;CK":[186],"Techniques,":[187],"while":[188],"maintaining":[189],"clear":[191],"separation":[192],"between":[193],"entities":[195],"events.":[198],"An":[199],"initial":[200],"evaluation":[201],"using":[202],"description":[203],"logic":[204],"concept":[205],"learning":[206,215],"algorithms":[207],"shows":[208],"simplified":[211],"significantly":[213],"improves":[214],"performance,":[216],"demonstrating":[217],"ontologically":[219],"grounded":[220],"modelling":[221],"can":[222],"enhance":[223],"both":[224],"semantic":[225],"clarity":[226],"computational":[228],"usability.":[229]},"counts_by_year":[],"updated_date":"2026-07-01T06:00:48.157686","created_date":"2026-06-02T00:00:00"}
