Automated Malware Analysis System and Its Sandbox for Revealing Malware's Internal and External Activities
Daisuke INOUE
Katsunari YOSHIOKA
Masashi ETO
Yuji HOSHIZAWA
Koji NAKAO
Publication
IEICE TRANSACTIONS on Information and Systems Vol.E92-D No.5 pp.945-954
Publication Date: 2009/05/01
Online ISSN: 1745-1361
Print ISSN: 0916-8532
Type of Manuscript: Special Section PAPER (Special Section on Information and Communication System Security)
Category: Malware Detection
Keyword: malware, dynamic analysis, sandbox, security incident
Summary: Malware has been recognized as one of the major security threats on the Internet. Previous research has mainly focused on malware's internal activity in a system. However, it is crucial that malware analysis extract a malware's external activity toward the network so that it can be correlated with a security incident. We propose a novel way to analyze malware: focusing closely on the malware's external (i.e., network) activity. A malware sample is executed in a sandbox that consists of a real machine as the victim and a virtual Internet environment. Since this sandbox environment is totally isolated from the real Internet, executing the sample causes no further unwanted propagation. The sandbox is configurable so as to extract specific malware activity, such as scan behaviors. We implement a fully automated malware analysis system with the sandbox, which enables us to carry out large-scale malware analysis. We present concrete analysis results obtained using the proposed system.