MATRIX: A Comprehensive Graph-Based Framework for Malware Analysis and Threat Research

Marco Simoni, Andrea Saracino

2025

Abstract

This paper presents MATRIX (Malware Analysis and Threat Research with STIX), a graph database for the comprehensive analysis and research of malware and threats. To provide a unified view of the threat landscape, MATRIX integrates data from major cybersecurity frameworks, including MITRE ATT&CK, MITRE D3FEND, CAPEC, the Malware Behavior Catalog (MBC), Metasploit, Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE). Built on Neo4j and modelled with the Structured Threat Information Expression (STIX™) standard, MATRIX contains more than 22,910 nodes and combines 14 STIX Domain Objects (SDOs) and 6 STIX Relationship Objects (SROs) to support detailed analysis of malware behavior, detection rules and defense strategies, making it a valuable tool for cybersecurity research. The system also integrates real-world malware reports and is updated automatically with data from sources such as VirusTotal, MalwareBazaar and VirusShare, supporting continuous and up-to-date threat analysis. We demonstrate its versatility through case studies that compare malware objectives and analyze the impact of detection and mitigation.
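The abstract describes malware, techniques and defenses as STIX objects held in a Neo4j graph, and the case studies as questions asked over that graph. The Python below is an added example, not code from the paper or from MATRIX itself: it loads a constructed STIX 2.1 bundle into a small in-memory property graph, emits parameterised Cypher of the kind a Neo4j loader would run, and answers two of the questions the abstract raises (which techniques two malware families share, and which of a family's techniques no course-of-action mitigates). The family names, UUIDs, node-label convention and helper names are assumptions made for the example; only the ATT&CK technique and mitigation identifiers are real. The bundle also includes one relationship whose target is missing, which is what merged feeds routinely produce, so the loader has to decide what to do with it.

```python
"""Added example (not from the MATRIX paper): STIX 2.1 bundle -> property graph
-> parameterised Cypher, plus two analyses over the graph. Everything below is
constructed for illustration except the ATT&CK technique/mitigation IDs."""
import re
from collections import defaultdict

# --- constructed STIX 2.1 bundle (UUIDs are made up, ATT&CK IDs are real) ---
RANSOM = "malware--1a2b3c4d-0000-4000-8000-000000000001"
STEALER = "malware--1a2b3c4d-0000-4000-8000-000000000002"
T1566 = "attack-pattern--1a2b3c4d-0000-4000-8000-000000000011"
T1059 = "attack-pattern--1a2b3c4d-0000-4000-8000-000000000012"
T1486 = "attack-pattern--1a2b3c4d-0000-4000-8000-000000000013"
T1041 = "attack-pattern--1a2b3c4d-0000-4000-8000-000000000014"
M1017 = "course-of-action--1a2b3c4d-0000-4000-8000-000000000021"
M1053 = "course-of-action--1a2b3c4d-0000-4000-8000-000000000022"


def sdo(stix_type, sid, name, ext_id=None):
    """Build a minimal STIX Domain Object; ext_id becomes an ATT&CK external reference."""
    obj = {"type": stix_type, "id": sid, "name": name}
    if ext_id:
        obj["external_references"] = [{"source_name": "mitre-attack", "external_id": ext_id}]
    return obj


def sro(n, rel, src, dst):
    """Build a minimal STIX Relationship Object."""
    return {"type": "relationship", "relationship_type": rel, "source_ref": src, "target_ref": dst,
            "id": f"relationship--1a2b3c4d-0000-4000-8000-0000000001{n:02d}"}


BUNDLE = {"type": "bundle", "id": "bundle--1a2b3c4d-0000-4000-8000-000000000000", "objects": [
    sdo("malware", RANSOM, "SampleRansom"), sdo("malware", STEALER, "SampleStealer"),
    sdo("attack-pattern", T1566, "Phishing", "T1566"),
    sdo("attack-pattern", T1059, "Command and Scripting Interpreter", "T1059"),
    sdo("attack-pattern", T1486, "Data Encrypted for Impact", "T1486"),
    sdo("attack-pattern", T1041, "Exfiltration Over C2 Channel", "T1041"),
    sdo("course-of-action", M1017, "User Training", "M1017"),
    sdo("course-of-action", M1053, "Data Backup", "M1053"),
    sro(1, "uses", RANSOM, T1566), sro(2, "uses", RANSOM, T1059), sro(3, "uses", RANSOM, T1486),
    sro(4, "uses", STEALER, T1566), sro(5, "uses", STEALER, T1059), sro(6, "uses", STEALER, T1041),
    sro(7, "mitigates", M1017, T1566), sro(8, "mitigates", M1053, T1486),
    # dangling reference: the target SDO never arrived (typical of merged feeds)
    sro(9, "uses", STEALER, "attack-pattern--1a2b3c4d-0000-4000-8000-0000000000ff"),
]}


class StixGraph:
    """SDOs become nodes, SROs become typed edges; unresolved SROs are kept aside."""
    def __init__(self):
        self.nodes = {}                 # stix id -> SDO dict
        self.out = defaultdict(list)    # src id -> [(relationship_type, dst id)]
        self.inc = defaultdict(list)    # dst id -> [(relationship_type, src id)]
        self.dangling = []              # SRO ids whose endpoints are not in the bundle


def load_bundle(bundle):
    g = StixGraph()
    for obj in bundle["objects"]:
        if obj["type"] != "relationship":
            g.nodes[obj["id"]] = obj
    for r in bundle["objects"]:         # resolve SROs only after every SDO is known
        if r["type"] != "relationship":
            continue
        s, t = r["source_ref"], r["target_ref"]
        if s in g.nodes and t in g.nodes:
            g.out[s].append((r["relationship_type"], t))
            g.inc[t].append((r["relationship_type"], s))
        else:
            g.dangling.append(r["id"])  # never invent ghost nodes for missing refs
    return g


def external_id(obj, source="mitre-attack"):
    """ATT&CK ID (T1059, M1017, ...) from an SDO's external references, or None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == source and ref.get("external_id"):
            return ref["external_id"]
    return None


def techniques_used(g, malware_id):
    return {external_id(g.nodes[t]) for rel, t in g.out[malware_id]
            if rel == "uses" and g.nodes[t]["type"] == "attack-pattern"}


def compare_malware(g, a, b):
    """Case-study style comparison of two families' techniques."""
    ta, tb = techniques_used(g, a), techniques_used(g, b)
    return {"shared": ta & tb, "only_a": ta - tb, "only_b": tb - ta}


def unmitigated_techniques(g, malware_id):
    """Techniques the family uses for which no course-of-action has a 'mitigates' edge."""
    return {external_id(g.nodes[t]) for rel, t in g.out[malware_id]
            if rel == "uses" and not any(r == "mitigates" for r, _ in g.inc[t])}


# --- Cypher emission: labels/edge types come from the STIX vocabulary, values go in parameters ---
SAFE_NAME = re.compile(r"^[a-z][a-z-]*$")   # labels and edge types cannot be parameterised, so whitelist them


def label_for(stix_type):
    return "".join(part.capitalize() for part in stix_type.split("-"))   # attack-pattern -> AttackPattern


def to_cypher(g):
    """Return (statement, params) pairs; feed-derived strings never enter the query text."""
    stmts = []
    for sid, obj in g.nodes.items():
        if not SAFE_NAME.match(obj["type"]):
            continue
        props = {"name": obj.get("name", "")}
        if external_id(obj):
            props["external_id"] = external_id(obj)
        stmts.append((f"MERGE (n:{label_for(obj['type'])} {{id: $id}}) SET n += $props",
                      {"id": sid, "props": props}))
    for s, edges in g.out.items():
        for rel, t in edges:
            if not SAFE_NAME.match(rel):
                continue
            edge = rel.upper().replace("-", "_")
            stmts.append((f"MATCH (a {{id: $src}}), (b {{id: $dst}}) MERGE (a)-[:{edge}]->(b)",
                          {"src": s, "dst": t}))
    return stmts


if __name__ == "__main__":
    graph = load_bundle(BUNDLE)
    print("dangling SROs:", graph.dangling)
    print(compare_malware(graph, RANSOM, STEALER))
    print("unmitigated:", unmitigated_techniques(graph, RANSOM), unmitigated_techniques(graph, STEALER))
    for stmt, params in to_cypher(graph)[:3]:
        print(stmt, params)
```

Two design points carry over to a real loader. First, SROs are resolved only after all SDOs are in, and an SRO whose endpoint is absent is recorded rather than turned into a placeholder node; otherwise every out-of-order or truncated feed silently grows the graph with nameless vertices. Second, names and descriptions pulled from VirusTotal, MalwareBazaar or similar feeds are attacker-controlled text, so they are passed to Neo4j as `$props` parameters, and the only strings spliced into the query are label and relationship names checked against the STIX vocabulary pattern.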

Paper Citation


in Harvard Style

Simoni M. and Saracino A. (2025). MATRIX: A Comprehensive Graph-Based Framework for Malware Analysis and Threat Research. In Proceedings of the 22nd International Conference on Security and Cryptography - Volume 1: SECRYPT; ISBN 978-989-758-760-3, SciTePress, pages 495-502. DOI: 10.5220/0013629300003979


in Bibtex Style

@conference{secrypt25,
author={Marco Simoni and Andrea Saracino},
title={MATRIX: A Comprehensive Graph-Based Framework for Malware Analysis and Threat Research},
booktitle={Proceedings of the 22nd International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2025},
pages={495-502},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013629300003979},
isbn={978-989-758-760-3},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 22nd International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - MATRIX: A Comprehensive Graph-Based Framework for Malware Analysis and Threat Research
SN - 978-989-758-760-3
AU - Simoni M.
AU - Saracino A.
PY - 2025
SP - 495
EP - 502
DO - 10.5220/0013629300003979
PB - SciTePress