EFwork: An Efficient Framework for Constructing a Malware Knowledge Graph

Malware Knowledge Graph (MKG) serves as an essential auxiliary tool for malware detection and analysis. However, the construction of MKG faces several challenges, such as inadequate dataset quality, incomplete entity feature extraction, and the limitations imposed by deep learning techniques. To address these issues, we present an Efficient Framework for constructing a malware knowledge graph (EFwork). Firstly, we build a High-Quality Dataset (HQDataset) and introduce a metric for data quality assessment based on knowledge coverage, timeliness, and density. Subsequently, we develop a Named Entity Recognition (NER) model that extracts character features, part-of-speech features, and word features from the data, leveraging deep learning models to identify malware-related entities. Finally, we implement a rule-based filtering mechanism, utilizing a comprehensive Rule Database to eliminate entities that do not conform to predefined rules. Experimental result shows that our HQDataset demonstrates superior data quality when compared to other open-source datasets. Furthermore, our NER model combined with our Rule Database outperforms existing models, achieving improvements of 0.67%, 0.74%, and 0.69% in Precision, Recall, and F1-Score, respectively.