BAGUETTE: Hunting for Evidence of Malicious Behavior in Dynamic Analysis Reports

Vincent Raulin, Pierre-François Gimenez, Yufei Han, Valérie Viet Triem Tong

2023

Abstract

Malware analysis consists of studying a sample of suspicious code to understand it and producing a representation or explanation of this code that can be used by a human expert or a clustering/classification/detection tool. The analysis can be static (only the code is studied) or dynamic (only the interaction between the code and its host during one or more executions is studied). The quality of the interpretation of a code and its later detection depends on the quality of the information contained in this representation. To date, many analyses produce voluminous reports that are difficult to handle quickly. In this article, we present BAGUETTE, a graph-based representation of the interactions of a sample and the resources offered by the host system during one execution. We explain how BAGUETTE helps automatically search for specific behaviors in a malware database and how it efficiently assists the expert in analyzing samples.
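To make the idea in the abstract concrete, here is a small added illustration in Python: a dynamic-analysis report is turned into a graph whose nodes are the sample's processes and the host resources they touch (files, registry keys, remote hosts) and whose edges are the observed interactions, and a behavior is hunted by matching a small pattern graph with variables against it across a "database" of reports. This is not BAGUETTE's actual representation, its node/edge vocabulary, or the authors' code; the event schema, the node labels, the two sandbox reports and the behavior patterns are all constructed for the example.

```python
"""Toy behavior-graph hunt over constructed dynamic-analysis reports.

Added illustration only: the (subject, action, object) event schema, the
node labels, the reports and the patterns below are assumptions, not the
paper's format.
"""
from collections import defaultdict
from typing import Dict, List, Tuple

Edge = Tuple[str, str, str]          # (source node, action label, target node)
Graph = Dict[str, List[Tuple[str, str]]]

# Constructed sandbox reports (hypothetical schema): one event per interaction.
REPORTS: Dict[str, List[Edge]] = {
    "sample_a": [
        ("proc:a.exe", "writes", "file:%TEMP%\\upd.exe"),
        ("proc:a.exe", "spawns", "proc:upd.exe"),
        ("proc:upd.exe", "image", "file:%TEMP%\\upd.exe"),
        ("proc:upd.exe", "sets", "reg:HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"),
        ("proc:upd.exe", "connects", "host:203.0.113.7:443"),
    ],
    "sample_b": [
        ("proc:b.exe", "reads", "file:C:\\Windows\\System32\\kernel32.dll"),
        ("proc:b.exe", "writes", "file:%TEMP%\\log.txt"),
        ("proc:b.exe", "connects", "host:198.51.100.2:80"),
    ],
}

# Behavior patterns: edges whose endpoints may be variables ('?x').
# A variable must bind to the same node everywhere it appears.
PATTERNS: Dict[str, List[Edge]] = {
    "drop_and_execute": [("?P", "writes", "?F"), ("?P", "spawns", "?Q"), ("?Q", "image", "?F")],
    "run_key_persistence": [("?P", "sets", "reg:HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run")],
    "dropped_binary_beacons": [("?P", "writes", "?F"), ("?Q", "image", "?F"), ("?Q", "connects", "?H")],
}


def build_graph(events: List[Edge]) -> Graph:
    """Adjacency list node -> [(action, target)], one edge per distinct event."""
    graph: Graph = defaultdict(list)
    for src, action, dst in events:
        if (action, dst) not in graph[src]:
            graph[src].append((action, dst))
    return dict(graph)


def _fits(term: str, node: str, binding: Dict[str, str]) -> bool:
    """A variable fits any node unless already bound to a different one; a constant must equal it."""
    if term.startswith("?"):
        return binding.get(term, node) == node
    return term == node


def _bind(term: str, node: str, binding: Dict[str, str]) -> Dict[str, str]:
    new = dict(binding)
    if term.startswith("?"):
        new[term] = node
    return new


def match_pattern(graph: Graph, pattern: List[Edge], binding=None) -> List[Dict[str, str]]:
    """Backtracking subgraph match: every consistent variable assignment for the pattern."""
    binding = binding or {}
    if not pattern:
        return [binding]
    (src, action, dst), rest = pattern[0], pattern[1:]
    results: List[Dict[str, str]] = []
    for node, edges in graph.items():
        if not _fits(src, node, binding):
            continue
        partial = _bind(src, node, binding)
        for act, target in edges:
            if act != action or not _fits(dst, target, partial):
                continue
            results.extend(match_pattern(graph, rest, _bind(dst, target, partial)))
    return results


def hunt(database: Dict[str, List[Edge]], patterns: Dict[str, List[Edge]]) -> Dict[str, List[str]]:
    """For every report in the database, the names of the behaviors whose pattern matches."""
    hits: Dict[str, List[str]] = {}
    for name, events in database.items():
        graph = build_graph(events)
        hits[name] = [pname for pname, pat in patterns.items() if match_pattern(graph, pat)]
    return hits


if __name__ == "__main__":
    for report, behaviors in hunt(REPORTS, PATTERNS).items():
        print(report, "->", behaviors or "no hit")
    # The bindings say which concrete nodes carried the behavior, for the analyst.
    print(match_pattern(build_graph(REPORTS["sample_a"]), PATTERNS["drop_and_execute"]))
```

The match returns the variable bindings, not just a yes/no, which is the part an analyst needs: it names the dropped file and the child process that executed it. Matching is exhaustive backtracking, so pattern and report sizes should stay small; for a real corpus one would index edges by action label before searching.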


Paper Citation


in Harvard Style

Raulin V., Gimenez P., Han Y. and Viet Triem Tong V. (2023). BAGUETTE: Hunting for Evidence of Malicious Behavior in Dynamic Analysis Reports. In Proceedings of the 20th International Conference on Security and Cryptography - Volume 1: SECRYPT; ISBN 978-989-758-666-8, SciTePress, pages 417-424. DOI: 10.5220/0012086400003555


in Bibtex Style

@conference{secrypt23,
author={Vincent Raulin and Pierre-François Gimenez and Yufei Han and Valérie Viet Triem Tong},
title={BAGUETTE: Hunting for Evidence of Malicious Behavior in Dynamic Analysis Reports},
booktitle={Proceedings of the 20th International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2023},
pages={417-424},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012086400003555},
isbn={978-989-758-666-8},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 20th International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - BAGUETTE: Hunting for Evidence of Malicious Behavior in Dynamic Analysis Reports
SN - 978-989-758-666-8
AU - Raulin V.
AU - Gimenez P.
AU - Han Y.
AU - Viet Triem Tong V.
PY - 2023
SP - 417
EP - 424
DO - 10.5220/0012086400003555
PB - SciTePress