This paper presents MATRIX (Malware Analysis and Threat Research with STIX), a graph database for the comprehensive analysis and research of malware and threats. To provide a unified view of the threat landscape, MATRIX integrates data from major cybersecurity frameworks, including MITRE ATT&CK, MITRE D3FEND, CAPEC, the Malware Behavior Catalog (MBC), Metasploit, Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE). Developed in Neo4j using the Structured Threat Information Expression (STIX™) standard, MATRIX includes more than 22,910 nodes and combines 14 STIX Domain Objects (SDOs) and 6 STIX Relationship Objects (SROs) to provide a detailed analysis of malware behavior, detection rules and defense strategies, making it a valuable tool for cybersecurity research. The system also integrates real-world malware reports and is automatically updated with data from sources such as VirusTotal, MalwareBazaar and VirusShare, supporting continuous and up-to-date threat analysis. We demonstrate its versatility through case studies comparing malware objectives and analyzing the impact of detection and mitigation.
MATRIX: A Comprehensive Graph-Based Framework for Malware Analysis and Threat Research / Simoni, Marco; Saracino, Andrea. - (2025), pp. 495-502. [10.5220/0013629300003979].
MATRIX: A Comprehensive Graph-Based Framework for Malware Analysis and Threat Research
Simoni, Marco (first author)
2025


