TraceTree monitors what software actually does when it runs, not just what it claims to be. It sandboxes packages inside Docker, attaches strace to capture every syscall, and builds a directed graph of the full process cascade: every file touched, every network call made, every child process spawned. That graph gets fed into a RandomForest classifier trained on real malware samples, plus YARA rules and n-gram syscall pattern matching, to flag behavioral signatures that static scanners and install-time checks completely miss. The output is a SARIF report you can pipe directly into your security toolchain. TraceTree also includes a dedicated MCP server security module, because as AI agents proliferate, MCP servers have become a live attack surface that nobody was watching. The core insight is simple: malware can lie about what it is, but it can't hide what it does.

Features

  • syscall capture via strace inside Docker sandbox
  • Directed process tree / graph construction using NetworkX
  • RandomForest classifier for malicious behavior detection (trained on MalwareBazaar samples)
  • YARA rule matching against captured traces
  • N-gram syscall pattern analysis
  • Temporal execution analysis (timing and sequencing of syscalls)
  • Behavioral signature library for known attack patterns

Project Activity

See All Activity >

Follow TraceTree

TraceTree Web Site

Other Useful Business Software
$300 Free Credits for Your Google Cloud Projects Icon
$300 Free Credits for Your Google Cloud Projects

Start building on Google Cloud with $300 in free credits. No commitment, no credit card required until you're ready to scale.

Launch your next project with $300 in free Google Cloud credits—no strings attached. Test, build, and deploy without risk. Use your credits across the entire Google Cloud platform to find what works best for your needs. After your credits are used, continue with always-free tier services. Only pay when you're ready to scale. Sign up in minutes and start exploring.
Start Free Trial
Rate This Project
Login To Rate This Project

User Reviews

Be the first to post a review of TraceTree!

Additional Project Details

Registered

2026-04-26