poster

POSTER: Toward Automating the Generation of Malware Analysis Reports Using the Sandbox Logs

Authors:

Akinori Fujino,

Tatsuya MoriAuthors Info & Claims

CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

Pages 1814 - 1816

https://doi.org/10.1145/2976749.2989064

Published: 24 October 2016 Publication History

Abstract

In recent years, the number of new examples of malware has continued to increase. To create effective countermeasures, security specialists often must manually inspect vast sandbox logs produced by the dynamic analysis method. Conversely, antivirus vendors usually publish malware analysis reports on their website. Because malware analysis reports and sandbox logs do not have direct connections, when analyzing sandbox logs, security specialists can not benefit from the information described in such expert reports. To address this issue, we developed a system called ReGenerator that automates the generation of reports related to sandbox logs by making use of existing reports published by antivirus vendors. Our system combines several techniques, including the Jaccard similarity, Natural Language Processing (NLP), and Generation (NLG), to produce concise human-readable reports describing malicious behavior for security specialists.

References

[1]

Av-test. malware. http://www.av-test.org/en/statistics/malware.

[2]

Cuckoo sandbox. https://www.cuckoosandbox.org.

[3]

Natural language toolkit. http://www.nltk.org.

[4]

simplenlg: Java api for natural language generation. https://code.google.com/p/simplenlg/.

[5]

Textblob: Simplified text processing. http://textblob.readthedocs.io/en/dev/.

[6]

Virustotal-free online virus, malware and url scanner. https://www.virustotal.com.

[7]

Windows api index. https://msdn.microsoft.com/ja-jp/library/windows/desktop/ff818516.aspx.

[8]

F. Ahmed, H. Hameed, M. Z. Shafiq, and M. Farooq. Using spatio-temporal information in API calls with machine learning algorithms for malware detection. In Proceedings of the 2nd ACM Workshop on Security and Artificial Intelligence, AISec 2009.

Digital Library

[9]

M. Alazab, S. Venkataraman, and P. Watters. Towards understanding malware behaviour by the extraction of api calls. In n Cybercrime and Trustworthy Computing Workshop (CTC), 2010.

Digital Library

[10]

U. Bayer, P. M. Comparetti, C. Hlauschek, C. Krügel, and E. Kirda. Scalable, behavior-based malware clustering. In Proceedings of the Network and Distributed System Security Symposium, NDSS 2009.

[11]

FFRI.inc. http://www.ffri.jp/en/company/index.htm.

[12]

M. D. Kamizono Masaki et al. http://www.iwsec.org/mws/2015/.

[13]

P. Li, L. Liu, D. Gao, and M. K. Reiter. On challenges in evaluating malware clustering. In Recent Advances in Intrusion Detection,RAID 2010.

Digital Library

[14]

A. Mohaisen and O. Alrawi. Av-meter: An evaluation of antivirus scans and labels. In Detection of Intrusions and Malware, and Vulnerability Assessment,DIMVA 2014.

[15]

M. D. Network and individual contributors. Block-level elements. https://developer.mozilla.org/en-US/docs/Web/ HTML/Block-level_elements.

[16]

M. D. Network and individual contributors. Inline elements. https://developer.mozilla.org/en-US/docs/Web/HTML/Inline_elements.

[17]

C. Ravi and R. Manoharan. Malware detection using windows api sequence and machine learning. In International Journal of Computer Applications,Vol. 43, No. 17.

Cited By

Wang JWang LDong FWang HMontpetit MLeivadeas AUhlig SJaved M(2023)Re-measuring the Label Dynamics of Online Anti-Malware Engines from Millions of SamplesProceedings of the 2023 ACM on Internet Measurement Conference10.1145/3618257.3624800(253-267)Online publication date: 24-Oct-2023
https://dl.acm.org/doi/10.1145/3618257.3624800
Yan JJia XYing LYan JSu P(2022)Understanding and Mitigating Label Bias in Malware Classification: An Empirical Study2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)10.1109/QRS57517.2022.00057(492-503)Online publication date: Dec-2022
https://doi.org/10.1109/QRS57517.2022.00057
Shezan FHu HWang JWang GTian Y(2020)Read Between the Lines: An Empirical Measurement of Sensitive Applications of Voice Personal Assistant SystemsProceedings of The Web Conference 202010.1145/3366423.3380179(1006-1017)Online publication date: 20-Apr-2020
https://dl.acm.org/doi/10.1145/3366423.3380179
Show More Cited By

Index Terms

POSTER: Toward Automating the Generation of Malware Analysis Reports Using the Sandbox Logs
1. Security and privacy
  1. Formal methods and theory of security
    1. Security requirements
  2. Intrusion/anomaly detection and malware mitigation
    1. Malware and its mitigation

Recommendations

MalGene: Automatic Extraction of Malware Analysis Evasion Signature
CCS '15: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security

Automated dynamic malware analysis is a common approach for detecting malicious software. However, many malware samples identify the presence of the analysis environment and evade detection by not performing any malicious activity. Recently, an approach ...
MGeT: Malware Gene-Based Malware Dynamic Analyses
ICCSP '17: Proceedings of the 2017 International Conference on Cryptography, Security and Privacy

Malware, as a malicious software, or applications or execution codes, has become the centerpiece of most security threats in such a unceasing open Internet environment. The essential technology of malware analysis is to extract the characteristics of ...
The Detection of 8 Type Malware botnet using Hybrid Malware Analysis in Executable File Windows Operating Systems
ICEC '15: Proceedings of the 17th International Conference on Electronic Commerce 2015

Nowadays a lot of botnet are being used for the purpose of cybercrime such as distributed denial of services (DDos) or information stealing. Botnet is a collection of computers connected through Internet that has been taken over by an attacker using ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

October 2016

1924 pages

ISBN:9781450341394

DOI:10.1145/2976749

General Chairs:
Edgar Weippl
SBA Research, Austria
,
Stefan Katzenbeisser
TU Darmstadt, CYSEC, Germany
,
Program Chairs:
Christopher Kruegel
University of California, Santa Barbara, USA
,
Andrew Myers
Cornell University, USA
,
Shai Halevi
IBM Research, USA

Copyright © 2016 Owner/Author.

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 24 October 2016

Check for updates

Author Tags

Qualifiers

Poster

Funding Sources

JSPS KAKENHI

Conference

CCS'16

Sponsor:

SIGSAC

CCS'16: 2016 ACM SIGSAC Conference on Computer and Communications Security

October 24 - 28, 2016

Vienna, Austria

Acceptance Rates

CCS '16 Paper Acceptance Rate 137 of 831 submissions, 16%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '24

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
395
Total Downloads

Downloads (Last 12 months)16
Downloads (Last 6 weeks)1

Reflects downloads up to 30 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Wang JWang LDong FWang HMontpetit MLeivadeas AUhlig SJaved M(2023)Re-measuring the Label Dynamics of Online Anti-Malware Engines from Millions of SamplesProceedings of the 2023 ACM on Internet Measurement Conference10.1145/3618257.3624800(253-267)Online publication date: 24-Oct-2023
https://dl.acm.org/doi/10.1145/3618257.3624800
Yan JJia XYing LYan JSu P(2022)Understanding and Mitigating Label Bias in Malware Classification: An Empirical Study2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)10.1109/QRS57517.2022.00057(492-503)Online publication date: Dec-2022
https://doi.org/10.1109/QRS57517.2022.00057
Shezan FHu HWang JWang GTian Y(2020)Read Between the Lines: An Empirical Measurement of Sensitive Applications of Voice Personal Assistant SystemsProceedings of The Web Conference 202010.1145/3366423.3380179(1006-1017)Online publication date: 20-Apr-2020
https://dl.acm.org/doi/10.1145/3366423.3380179
Nunes MBurnap PRana OReinecke PLloyd K(2019)Getting to the root of the problem: A detailed comparison of kernel and user level data for dynamic malware analysisJournal of Information Security and Applications10.1016/j.jisa.2019.10236548(102365)Online publication date: Oct-2019
https://doi.org/10.1016/j.jisa.2019.102365
Zhu ZDumitras T(2018)ChainSmith: Automatically Learning the Semantics of Malicious Campaigns by Mining Threat Intelligence Reports2018 IEEE European Symposium on Security and Privacy (EuroS&P)10.1109/EuroSP.2018.00039(458-472)Online publication date: Apr-2018
https://doi.org/10.1109/EuroSP.2018.00039

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents