ITU

ITU-T work programme

[2009-2012] : [SG17] : [Q4/17]

Work item: X.maec
Status: [Carried to next study period]
Approval process: TAP
Type of work item: Recommendation
Version: New
Provisional name: -
Equivalent number: -
Timing: -
Liaison: -
Subject/title: Malware attribute enumeration and classification
Summary: This Recommendation on malware attribute enumeration and classification (MAEC) is an XML/XSD-based specification for characterizing malware based on its behaviors, artifacts, and attack patterns. This will allow malware to be described and identified by distinct patterns of attributes rather than by a single metadata entity (which is the method commonly employed in signature-based detection). MAEC's focus on structured, attribute-based characterization provides several capabilities that the aforementioned methods do not possess. These capabilities stem from MAEC being a domain-specific language with an encompassing and unambiguous vocabulary and grammar. MAEC aims to: 1) improve human-to-human, human-to-tool, tool-to-tool, and tool-to-human communication about malware, 2) reduce potential duplication of malware analysis efforts by researchers, and 3) allow for the faster development of countermeasures by making it possible to leverage responses to previously observed malware instances. Threat analysis, intrusion detection, and incident management are processes that deal with all manner of cyber threats. MAEC, through its uniform encoding of malware attributes, provides a standardized format for incorporating actionable information regarding malware into these processes.
Comment: -
Base text(s):
[TD 3093]
Contact(s):
ITU-T A.5 reference(s):
-
First registration in the WP: 2010-05-31 11:04:02
Last update: 2012-10-05 14:11:43