As mobile and smart connectivity continue to grow, malware presents a constantly evolving threat to critical domains such as health, logistics, banking, and community segments. Different types of malware exhibit dynamic behaviors and complex characteristics that are shared among members of the same malware family. Malware threat intelligence reports play a crucial role in describing and documenting detected malware, providing a wealth of information about its attributes, patterns, and behaviors. A large volume of such threat intelligence information about malware exists. An ontology allows this information to be organized and categorized systematically, ensuring that concepts and entities are represented consistently across sources. In this study, we first reviewed and extended an existing malware ontology to cover Android malware. Our extended ontology, called AndMalOnt, consists of 13 new classes, 16 object properties, and 31 data properties. Second, we created an Android malware knowledge graph by extracting reports from the MalwareBazaar repository and representing them in AndMalOnt; the resulting knowledge graph covers over 2600 malware samples. Our ontology, knowledge graph, and source code are all open-source and accessible via GitHub.
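The report-to-knowledge-graph step described above, as an added illustration that is not the paper's code: constructed MalwareBazaar-style records are mapped to N-Triples under a hypothetical namespace. The class and property names (AndroidMalwareSample, MalwareFamily, belongsToFamily, tag, sha256) are stand-ins assumed here, not AndMalOnt's actual terms, and the hashes are placeholders.

```python
# All names below are hypothetical stand-ins; AndMalOnt's real class and property names are not on this page.
ONT = "http://example.org/andmalont#"
RES = "http://example.org/andmalont/resource/"
RDF_TYPE = "http://www.w3.org/1999/02/22-rdf-syntax-ns#type"

def iri(s):
    return f"<{s}>"

def lit(s):
    # Minimal N-Triples string escaping (backslash and double quote).
    return '"' + s.replace("\\", "\\\\").replace('"', '\\"') + '"'

# Constructed MalwareBazaar-style records; hashes are placeholders, not real indicators.
SAMPLE_REPORTS = [
    {"sha256_hash": "a" * 64, "file_type": "apk", "signature": "FamilyA", "tags": ["android", "banker"]},
    {"sha256_hash": "b" * 64, "file_type": "apk", "signature": "FamilyA", "tags": ["android"]},
    {"sha256_hash": "c" * 64, "file_type": "exe", "signature": "FamilyB", "tags": ["exe"]},
]

def report_to_triples(report):
    """Map one report to N-Triples terms; only APK reports become Android samples."""
    if report.get("file_type") != "apk":
        return []
    s = iri(RES + "sample/" + report["sha256_hash"])
    triples = [(s, iri(RDF_TYPE), iri(ONT + "AndroidMalwareSample")),
               (s, iri(ONT + "sha256"), lit(report["sha256_hash"]))]
    if report.get("signature"):  # MalwareBazaar's family label
        fam = iri(RES + "family/" + report["signature"])
        triples += [(fam, iri(RDF_TYPE), iri(ONT + "MalwareFamily")),
                    (s, iri(ONT + "belongsToFamily"), fam)]
    for tag in report.get("tags", []):
        triples.append((s, iri(ONT + "tag"), lit(tag)))
    return triples

def build_graph(reports):
    """Merge triples from many reports, dropping duplicates (e.g. a family asserted twice)."""
    seen, graph = set(), []
    for r in reports:
        for t in report_to_triples(r):
            if t not in seen:
                seen.add(t)
                graph.append(t)
    return graph

def to_ntriples(graph):
    return "\n".join(f"{s} {p} {o} ." for s, p, o in graph) + "\n"

def samples_per_family(graph):
    """Count samples per family by walking belongsToFamily edges."""
    pred, counts = iri(ONT + "belongsToFamily"), {}
    for s, p, o in graph:
        if p == pred:
            name = o[1:-1][len(RES + "family/"):]
            counts[name] = counts.get(name, 0) + 1
    return counts

if __name__ == "__main__":
    print(to_ntriples(build_graph(SAMPLE_REPORTS)))
```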