BAGUETTE: Hunting for Evidence of Malicious Behavior in Dynamic Analysis Reports

SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography Pub Date : 2023-01-01 DOI:10.5220/0012086400003555

Vincent Raulin, Pierre-François Gimenez, Yufei Han, Valérie Viet Triem Tong

{"title":"BAGUETTE: Hunting for Evidence of Malicious Behavior in Dynamic Analysis Reports","authors":"Vincent Raulin, Pierre-François Gimenez, Yufei Han, Valérie Viet Triem Tong","doi":"10.5220/0012086400003555","DOIUrl":null,"url":null,"abstract":": Malware analysis consists of studying a sample of suspicious code to understand it and producing a representation or explanation of this code that can be used by a human expert or a clustering/classification/detection tool. The analysis can be static (only the code is studied) or dynamic (only the interaction between the code and its host during one or more executions is studied). The quality of the interpretation of a code and its later detection depends on the quality of the information contained in this representation. To date, many analyses produce voluminous reports that are difficult to handle quickly. In this article, we present BAGUETTE, a graph-based representation of the interactions of a sample and the resources offered by the host system during one execution. We explain how BAGUETTE helps automatically search for specific behaviors in a malware database and how it efficiently assists the expert in analyzing samples.","PeriodicalId":74779,"journal":{"name":"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography","volume":"34 1","pages":"417-424"},"PeriodicalIF":0.0000,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5220/0012086400003555","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

: Malware analysis consists of studying a sample of suspicious code to understand it and producing a representation or explanation of this code that can be used by a human expert or a clustering/classification/detection tool. The analysis can be static (only the code is studied) or dynamic (only the interaction between the code and its host during one or more executions is studied). The quality of the interpretation of a code and its later detection depends on the quality of the information contained in this representation. To date, many analyses produce voluminous reports that are difficult to handle quickly. In this article, we present BAGUETTE, a graph-based representation of the interactions of a sample and the resources offered by the host system during one execution. We explain how BAGUETTE helps automatically search for specific behaviors in a malware database and how it efficiently assists the expert in analyzing samples.

查看原文本刊更多论文

法棍:在动态分析报告中寻找恶意行为的证据

恶意软件分析包括研究可疑代码的样本以理解它，并生成该代码的表示或解释，可由人类专家或聚类/分类/检测工具使用。分析可以是静态的(只研究代码)，也可以是动态的(只研究一次或多次执行期间代码与其宿主之间的交互)。代码的解释质量和后来的检测取决于该表示中包含的信息的质量。迄今为止，许多分析产生的大量报告难以快速处理。在本文中，我们介绍了BAGUETTE，这是一个基于图形的表示，表示一个示例的交互和主机系统在一次执行期间提供的资源。我们解释了BAGUETTE如何帮助自动搜索恶意软件数据库中的特定行为，以及它如何有效地协助专家分析样本。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography

自引率

0.00%

发文量