TY - GEN
T1 - Poster
T2 - 23rd ACM Conference on Computer and Communications Security, CCS 2016
AU - Sun, Bo
AU - Fujino, Akinori
AU - Mori, Tatsuya
N1 - Funding Information:
A part of this work was supported by JSPS Grant-in-Aid for Scientific Research B, Grant Number JP16H02832.
Publisher Copyright:
© 2016 Copyright held by the owner/author(s).
PY - 2016/10/24
Y1 - 2016/10/24
N2 - In recent years, the number of new examples of malware has continued to increase. To create effective countermeasures, security specialists often must manually inspect vast sandbox logs produced by the dynamic analysis method. Conversely, antivirus vendors usually publish malware analysis reports on their website. Because malware analysis reports and sandbox logs do not have direct connections, when analyzing sandbox logs, security specialists cannot benefit from the information described in such expert reports. To address this issue, we developed a system called ReGenerator that automates the generation of reports related to sandbox logs by making use of existing reports published by antivirus vendors. Our system combines several techniques, including the Jaccard similarity, Natural Language Processing (NLP), and Natural Language Generation (NLG), to produce concise human-readable reports describing malicious behavior for security specialists.
KW - Malware analysis
KW - Natural Language Processing
KW - Reports
KW - Sandbox logs
UR - http://www.scopus.com/inward/record.url?scp=84995486158&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84995486158&partnerID=8YFLogxK
U2 - 10.1145/2976749.2989064
DO - 10.1145/2976749.2989064
M3 - Conference contribution
AN - SCOPUS:84995486158
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 1814
EP - 1816
BT - CCS 2016 - Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
PB - Association for Computing Machinery
Y2 - 24 October 2016 through 28 October 2016
ER -