Why should you care about Malware Attribute Enumeration and Characterization (MAEC)?


Why should you care about MAEC?


Without a widely accepted standard for characterizing malware, there is no precise way to communicate a sample's particular attributes or to enumerate its fundamental makeup. The MAEC framework solves these problems, because characterizing malware by abstract patterns offers a wide range of benefits over the use of physical signatures. It allows accurate encoding of how the malware operates and the particular actions that it performs. Such information can be used for malware detection, and also for assessing the malware’s end goal. Overall, it provides a set of modern tools and techniques for combating and detecting malware.

What is the MAEC Community?


MAEC is a community-developed project, which involves representatives from antivirus, operating system, and software vendors, security services providers, IT users, and others from across the international cybersecurity communities.

Members of MAEC can discuss the latest versions of the MAEC specifications and related topics via the MAEC Community Discussion Lists. Members can use the Encyclopedia of Malware Attributes to collaborate on building a semantic MediaWiki of malware. Members can also use the MAECProject GitHub Tools & Utilities to contribute to open-source MAEC development.

What are the benefits of MAEC?


By adopting MAEC for encoding malware-related information in a structured way, organizations can eliminate the ambiguity and inaccuracy in malware descriptions, and improve the general awareness of malware. This can also help in reducing the duplication of malware analysis efforts, and decrease the overall response time to malware threats. In this community-developed project, the information is shared based on attributes such as artifacts, behaviors, and relationships between malware samples. MAEC enables faster development of countermeasures and provides the ability to leverage responses to previously observed malware instances.
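The contrast between physical signatures and attribute-based characterization, and the reuse of an earlier response, can be shown with a short added example (not part of the original post and not MAEC tooling). The record layout, behavior and artifact names, hashes and playbook ids are constructed assumptions and are deliberately simpler than the MAEC schema.

```python
# Constructed data: simplified attribute records, NOT the MAEC schema.
KNOWN = [
    {"name": "sample-A", "sha256": "a" * 64,          # placeholder hash
     "behaviors": {"persist-via-run-key", "disable-av-service", "beacon-http"},
     "artifacts": {"mutex:example_mtx", "file:upd.tmp"},
     "response": "playbook-017"},                      # hypothetical id
    {"name": "sample-B", "sha256": "b" * 64,          # placeholder hash
     "behaviors": {"encrypt-user-files", "delete-shadow-copies"},
     "artifacts": {"file:README_RESTORE.txt"},
     "response": "playbook-022"},                      # hypothetical id
]

# A repacked variant of sample-A: new hash, one new behavior, one new file.
VARIANT = {"name": "sample-C", "sha256": "c" * 64,
           "behaviors": {"persist-via-run-key", "disable-av-service",
                         "beacon-http", "beacon-dns"},
           "artifacts": {"mutex:example_mtx", "file:upd2.tmp"}}

def attributes(record):
    """All behaviors and artifacts of a record as one comparable set."""
    return record["behaviors"] | record["artifacts"]

def hash_match(sample, known):
    """Physical-signature lookup: exact hash equality only."""
    return next((k for k in known if k["sha256"] == sample["sha256"]), None)

def jaccard(a, b):
    """Set overlap in [0, 1]; two empty sets count as no overlap."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def attribute_match(sample, known, threshold=0.5):
    """Return (closest known record or None, its similarity score)."""
    best, best_score = None, 0.0
    for k in known:
        score = jaccard(attributes(sample), attributes(k))
        if score > best_score:
            best, best_score = k, score
    return (best if best_score >= threshold else None, best_score)

if __name__ == "__main__":
    print("hash lookup:", hash_match(VARIANT, KNOWN))
    match, score = attribute_match(VARIANT, KNOWN)
    if match:
        print(f"closest: {match['name']} ({score:.2f}) -> reuse {match['response']}")
```

The 0.5 threshold is an arbitrary choice for the constructed data; a real deployment would tune it against its own corpus.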
 

What is the relationship between MAEC and TAXII? 


TAXII (Trusted Automated eXchange of Indicator Information) uses STIX (Structured Threat Information eXpression) to represent cyber threat information. Where STIX characterizes ‘what’ is being shared, TAXII defines ‘how’ the STIX payload is shared. However, it is also feasible for TAXII to use MAEC as its payload instead of STIX. MAEC provides a comprehensive, structured way of capturing detailed information about malware and is aimed at malware analysts, while STIX targets a more diverse audience by capturing a broad spectrum of cyber-threat-related information, including basic malware information.



