Poster: Toward automating the generation of malware analysis reports using the sandbox logs

Bo Sun, Akinori Fujino, Tatsuya Mori

    Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

    2 Citations (Scopus)

    Abstract

    In recent years, the number of new malware samples has continued to increase. To create effective countermeasures, security specialists often must manually inspect the vast sandbox logs produced by dynamic analysis. At the same time, antivirus vendors usually publish malware analysis reports on their websites. Because these analysis reports and sandbox logs have no direct connection, security specialists analyzing sandbox logs cannot benefit from the information described in such expert reports. To address this issue, we developed a system called ReGenerator that automates the generation of reports for sandbox logs by making use of the existing reports published by antivirus vendors. Our system combines several techniques, including Jaccard similarity, Natural Language Processing (NLP), and Natural Language Generation (NLG), to produce concise, human-readable reports describing malicious behavior for security specialists.

    Original language: English
    Title of host publication: CCS 2016 - Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
    Publisher: Association for Computing Machinery
    Pages: 1814-1816
    Number of pages: 3
    Volume: 24-28-October-2016
    ISBN (Electronic): 9781450341394
    DOIs: https://doi.org/10.1145/2976749.2989064
    Publication status: Published - 2016 Oct 24
    Event: 23rd ACM Conference on Computer and Communications Security, CCS 2016 - Vienna, Austria
    Duration: 2016 Oct 24 to 2016 Oct 28

    Other

    Other: 23rd ACM Conference on Computer and Communications Security, CCS 2016
    Country: Austria
    City: Vienna
    Period: 16/10/24 to 16/10/28


    Keywords

    • Malware analysis
    • Natural Language Processing
    • Reports
    • Sandbox logs

    ASJC Scopus subject areas

    • Software
    • Computer Networks and Communications

    Cite this

    Sun, B., Fujino, A., & Mori, T. (2016). Poster: Toward automating the generation of malware analysis reports using the sandbox logs. In CCS 2016 - Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (Vol. 24-28-October-2016, pp. 1814-1816). Association for Computing Machinery. https://doi.org/10.1145/2976749.2989064

    @inproceedings{45661d0787d243389b4f4f2fbe9f4906,
    title = "Poster: Toward automating the generation of malware analysis reports using the sandbox logs",
    abstract = "In recent years, the number of new examples of malware has continued to increase. To create effective countermeasures, security specialists often must manually inspect vast sandbox logs produced by the dynamic analysis method. Conversely, antivirus vendors usually publish malware analysis reports on their website. Because malware analysis reports and sandbox logs do not have direct connections, when analyzing sandbox logs, security specialists cannot benefit from the information described in such expert reports. To address this issue, we developed a system called ReGenerator that automates the generation of reports related to sandbox logs by making use of existing reports published by antivirus vendors. Our system combines several techniques, including the Jaccard similarity, Natural Language Processing (NLP), and Generation (NLG), to produce concise human-readable reports describing malicious behavior for security specialists.",
    keywords = "Malware analysis, Natural Language Processing, Reports, Sandbox logs",
    author = "Bo Sun and Akinori Fujino and Tatsuya Mori",
    year = "2016",
    month = "10",
    day = "24",
    doi = "10.1145/2976749.2989064",
    language = "English",
    volume = "24-28-October-2016",
    pages = "1814--1816",
    booktitle = "CCS 2016 - Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security",
    publisher = "Association for Computing Machinery",

    }

    TY - GEN

    T1 - Poster

    T2 - Toward automating the generation of malware analysis reports using the sandbox logs

    AU - Sun, Bo

    AU - Fujino, Akinori

    AU - Mori, Tatsuya

    PY - 2016/10/24

    Y1 - 2016/10/24

    N2 - In recent years, the number of new examples of malware has continued to increase. To create effective countermeasures, security specialists often must manually inspect vast sandbox logs produced by the dynamic analysis method. Conversely, antivirus vendors usually publish malware analysis reports on their website. Because malware analysis reports and sandbox logs do not have direct connections, when analyzing sandbox logs, security specialists cannot benefit from the information described in such expert reports. To address this issue, we developed a system called ReGenerator that automates the generation of reports related to sandbox logs by making use of existing reports published by antivirus vendors. Our system combines several techniques, including the Jaccard similarity, Natural Language Processing (NLP), and Generation (NLG), to produce concise human-readable reports describing malicious behavior for security specialists.

    AB - In recent years, the number of new examples of malware has continued to increase. To create effective countermeasures, security specialists often must manually inspect vast sandbox logs produced by the dynamic analysis method. Conversely, antivirus vendors usually publish malware analysis reports on their website. Because malware analysis reports and sandbox logs do not have direct connections, when analyzing sandbox logs, security specialists cannot benefit from the information described in such expert reports. To address this issue, we developed a system called ReGenerator that automates the generation of reports related to sandbox logs by making use of existing reports published by antivirus vendors. Our system combines several techniques, including the Jaccard similarity, Natural Language Processing (NLP), and Generation (NLG), to produce concise human-readable reports describing malicious behavior for security specialists.

    KW - Malware analysis

    KW - Natural Language Processing

    KW - Reports

    KW - Sandbox logs

    UR - http://www.scopus.com/inward/record.url?scp=84995486158&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=84995486158&partnerID=8YFLogxK

    U2 - 10.1145/2976749.2989064

    DO - 10.1145/2976749.2989064

    M3 - Conference contribution

    AN - SCOPUS:84995486158

    VL - 24-28-October-2016

    SP - 1814

    EP - 1816

    BT - CCS 2016 - Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

    PB - Association for Computing Machinery

    ER -