Language

Language

Introduction

MAEC is being developed as a formal language characterizing attributes and behaviors of all types of malware. Initially MAEC will focus on characterizing the most common types of malware, including Trojans, worms, and rootkits, but will be applicable to more esoteric malware types. As a language, MAEC will have a grammar and vocabulary that provide a standard means of communicating information about malware attributes.

Proposed Framework

MAEC’s core components include a vocabulary, grammar, and form of standardized output.

High-Level MAEC Overview

High-Level MAEC Overview

The MAEC Enumerations are an enumerated vocabulary composed of three distinct levels of malware attributes, as well as any metadata. The MAEC Schema is effectively a grammar and defines the structure of the enumerated elements and the relationships between them. Finally, the MAEC Bundle is a standardized format for the output of any MAEC characterized data.

Back to top

Feedback Requested

We encourage members of the security community to participate in the development of MAEC on the MAEC Development Group on Handshake and MAEC Email Discussion List. See the MAEC Enumerations, MAEC Schema, MAEC Bundle and MAEC Releases pages for additional information.

Back to top

Page Last Updated: February 03, 2012