Silvia Sebastián
Taxonomy
An Automated Framework for Cybersecurity Attribution and Artefact Relationship Identification
I’m thrilled to announce that my PhD Defense is finally happening! It’s been a road of hard work, long hours, and many cups of tea, but I’m grateful for the opportunity to share my research with the world. 🤓 🕵♀️
Nov 20, 2023 3:00 PM
Thesis Defense
ETSI Informáticos, UPM, Madrid, Spain
Silvia Sebastián
AVClass
Retriever
WhoseDomain
AVclass2: Massive Malware Tag Extraction from AV Labels
Tags can be used by malware repositories and analysis services to enable searches for samples of interest across different dimensions. Automatically extracting tags from AV labels is an efficient approach to categorize and index massive amounts of samples. Recent tools like AVclass and Euphony have demonstrated that, despite their noisy nature, it is possible to extract family names from AV labels. However, beyond the family name, AV labels contain much valuable information such as malware classes, file properties, and behaviors. This work presents AVclass2, an automatic malware tagging tool that given the AV labels for a potentially massive number of samples, extracts clean tags that categorize the samples. AVclass2 uses, and helps building, an open taxonomy that organizes concepts in AV labels, but is not constrained to a predefined set of tags. To keep itself updated as AV vendors introduce new tags, it provides an update module that automatically identifies new taxonomy entries, as well as tagging and expansion rules that capture relations between tags. We have evaluated AVclass2 on 42M samples and showed how it enables advanced malware searches and to maintain an updated knowledge base of malware concepts in AV labels.
Dec 9, 2020 12:45 PM
2020 Annual Computer Security Applications Conference
Online
Silvia Sebastián
Project
Video
AVclass2: Massive Malware Tag Extraction from AV Labels
Silvia Sebastián, Juan Caballero
Cite
Code
Project
Video
DOI
AVClass
Malware labeling tool that extracts tags from malware samples, enabling rich searches. It is open source and widely used by the community, with more than 500 references and 400 stars on GitHub.
Code
Cite