cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

How to extract features from cuckoo analysis result #2076

Open yahyeabukar opened 6 years ago

yahyeabukar commented 6 years ago

I have results generated by Cuckoo Sandbox (thanks, developers) and I want to extract malware behavioral features (I am doing research on ransomware). The Cuckoo analysis HTML report contains many features. Is there any automatic feature extraction method? Any recommendations? Thanks.

doomedraven commented 6 years ago

use API

RicoVZ commented 6 years ago

Hi yahyeabukar,

In addition to doomedraven's answer, you can find information about the Cuckoo web API here. https://cuckoo.sh/docs/usage/api.html

It allows you to retrieve reports containing all analysis information in JSON format.

jbremer commented 6 years ago

We also have the "Malware Configuration Extraction" API / framework - you can read more about that in our latest blogposts (on 2.0.3 up to 2.0.5 releases) on https://cuckoosandbox.org/.

georgew1000 commented 6 years ago

Hi, how am i supposed to turn the behaviour logs (json) and network logs (pcap) results that cuckoo produces into a data set for training AI with using something like tensor flow / keras?

RicoVZ commented 6 years ago

@georgew1000

That would completely depend on what your machine learning application should actually be trained to do. But answering that is a bit out of scope for Cuckoo issues.

If you have specific questions on how to find a type of data inside Cuckoo results, feel free to ask. :smile:
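The two answers above point at the same workflow: pull the JSON report from the REST API (`GET /tasks/report/<task_id>/json`), then flatten the parts you care about into numbers. The script below is an added example written for this thread; it is not Cuckoo's own code. It assumes the Cuckoo 2.x report layout (`behavior.summary`, `behavior.apistats`, `signatures`, `network`), that the API listens on `http://127.0.0.1:8090`, and that the `api_token` from `cuckoo.conf` is sent as a Bearer token; check those against your own install. `SAMPLE_REPORT` is a constructed stand-in for a real report so the extractor runs offline, and `to_matrix` turns a list of per-sample feature dicts into the column/row shape a Keras or scikit-learn model expects.

```python
"""Turn Cuckoo 2.x JSON reports into flat feature vectors (added example)."""
import json
import urllib.request
from collections import Counter

# behavior.summary lists that are cheap, informative ransomware indicators.
SUMMARY_KEYS = ("file_created", "file_written", "file_deleted",
                "regkey_written", "mutex", "command_line")

# Constructed sample in the (assumed) Cuckoo 2.x report layout; not a real run.
SAMPLE_REPORT = {
    "info": {"id": 42},
    "target": {"file": {"sha256": "ab" * 32}},
    "behavior": {
        "summary": {
            "file_created": ["C:\\Users\\u\\Documents\\a.docx.locked",
                             "C:\\Users\\u\\Documents\\b.xlsx.locked",
                             "C:\\Users\\u\\Desktop\\README_DECRYPT.txt"],
            "file_written": ["C:\\Users\\u\\Documents\\a.docx.locked",
                             "C:\\Users\\u\\Documents\\b.xlsx.locked"],
            "file_deleted": ["C:\\Users\\u\\Documents\\a.docx",
                             "C:\\Users\\u\\Documents\\b.xlsx"],
            "regkey_written": ["HKEY_CURRENT_USER\\Software\\Microsoft\\Windows"
                               "\\CurrentVersion\\Run\\upd"],
            "mutex": ["Global\\lock_sample"],
            "command_line": ["vssadmin.exe delete shadows /all /quiet"],
        },
        # apistats: pid -> {api name -> call count}
        "apistats": {
            "1234": {"CryptEncrypt": 120, "NtWriteFile": 130, "DeleteFileW": 2},
            "5678": {"CreateProcessInternalW": 1, "NtWriteFile": 5},
        },
    },
    "signatures": [{"name": "ransomware_files", "severity": 3},
                   {"name": "deletes_shadow_copies", "severity": 3},
                   {"name": "persistence_autorun", "severity": 2}],
    "network": {"domains": [{"domain": "c2.example.invalid", "ip": "203.0.113.5"}],
                "hosts": ["203.0.113.5"]},
}


def fetch_report(base_url, task_id, token=None, timeout=30):
    """Download a finished task's JSON report over the Cuckoo REST API.
    Network call; the offline sample below does not exercise it."""
    url = "%s/tasks/report/%d/json" % (base_url.rstrip("/"), task_id)
    req = urllib.request.Request(url)
    if token:  # assumption: api_token from cuckoo.conf, sent as Bearer
        req.add_header("Authorization", "Bearer " + token)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def api_histogram(report):
    """Sum apistats over every monitored process -> {api name: total calls}."""
    hist = Counter()
    for per_process in report.get("behavior", {}).get("apistats", {}).values():
        hist.update(per_process)
    return hist


def extract_features(report):
    """Flatten one report into a dict of mostly numeric features."""
    summary = report.get("behavior", {}).get("summary", {})
    feats = {"task_id": report.get("info", {}).get("id"),
             "sha256": report.get("target", {}).get("file", {}).get("sha256")}
    for key in SUMMARY_KEYS:
        feats["n_" + key] = len(summary.get(key, []))
    # Derived indicator: shadow-copy deletion via vssadmin in any command line.
    cmds = [c.lower() for c in summary.get("command_line", [])]
    feats["shadow_copy_deletion"] = int(any("vssadmin" in c and "shadows" in c
                                            for c in cmds))
    hist = api_histogram(report)
    feats["n_api_calls"] = sum(hist.values())
    for api, count in hist.items():
        feats["api_" + api] = count
    sigs = report.get("signatures", [])
    for sig in sigs:
        feats["sig_" + sig["name"]] = 1  # one-hot triggered signatures
    feats["max_severity"] = max((s.get("severity", 0) for s in sigs), default=0)
    net = report.get("network", {})
    feats["n_domains"] = len(net.get("domains", []))
    feats["n_hosts"] = len(net.get("hosts", []))
    return feats


def to_matrix(feature_dicts, ignore=("task_id", "sha256")):
    """Align feature dicts from many samples into (columns, rows);
    features absent from a sample become 0, so sparse API names line up."""
    columns = sorted({k for d in feature_dicts for k in d if k not in ignore})
    rows = [[d.get(c, 0) for c in columns] for d in feature_dicts]
    return columns, rows


if __name__ == "__main__":
    f = extract_features(SAMPLE_REPORT)
    print(json.dumps(f, indent=2, sort_keys=True))
    cols, rows = to_matrix([f])
    print(len(cols), "features;", "first row:", rows[0])
```

For a real corpus, loop over task IDs from `/tasks/list`, call `fetch_report` for each, collect the dicts, and call `to_matrix` once at the end so that every sample shares the same column order; label each row from your own ground truth (e.g. the family you submitted), not from the signatures, or the model just learns to copy Cuckoo's own heuristics.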