Malware has been recognized as one of the major security threats on the Internet. Previous research has mainly focused on malware's internal activity within a system. However, it is crucial that malware analysis also extracts a malware's external activity toward the network, so that it can be correlated with a security incident. We propose a novel way to analyze malware: focus closely on the malware's external (i.e., network) activity. A malware sample is executed on a sandbox that consists of a real machine as the victim and a virtual Internet environment. Since this sandbox environment is totally isolated from the real Internet, executing the sample causes no further unwanted propagation. The sandbox is configurable so as to extract specific activities of malware, such as scan behaviors. We implement a fully automated malware analysis system with the sandbox, which enables us to carry out large-scale malware analysis. We present concrete analysis results obtained by using the proposed system.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Daisuke INOUE, Katsunari YOSHIOKA, Masashi ETO, Yuji HOSHIZAWA, Koji NAKAO, "Automated Malware Analysis System and Its Sandbox for Revealing Malware's Internal and External Activities" in IEICE TRANSACTIONS on Information,
vol. E92-D, no. 5, pp. 945-954, May 2009, doi: 10.1587/transinf.E92.D.945.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.E92.D.945/_p
@ARTICLE{e92-d_5_945,
author={Daisuke INOUE and Katsunari YOSHIOKA and Masashi ETO and Yuji HOSHIZAWA and Koji NAKAO},
journal={IEICE TRANSACTIONS on Information},
title={Automated Malware Analysis System and Its Sandbox for Revealing Malware's Internal and External Activities},
year={2009},
volume={E92-D},
number={5},
pages={945-954},
abstract={Malware has been recognized as one of the major security threats on the Internet. Previous research has mainly focused on malware's internal activity within a system. However, it is crucial that malware analysis also extracts a malware's external activity toward the network, so that it can be correlated with a security incident. We propose a novel way to analyze malware: focus closely on the malware's external (i.e., network) activity. A malware sample is executed on a sandbox that consists of a real machine as the victim and a virtual Internet environment. Since this sandbox environment is totally isolated from the real Internet, executing the sample causes no further unwanted propagation. The sandbox is configurable so as to extract specific activities of malware, such as scan behaviors. We implement a fully automated malware analysis system with the sandbox, which enables us to carry out large-scale malware analysis. We present concrete analysis results obtained by using the proposed system.},
keywords={},
doi={10.1587/transinf.E92.D.945},
ISSN={1745-1361},
month={May},}
TY - JOUR
TI - Automated Malware Analysis System and Its Sandbox for Revealing Malware's Internal and External Activities
T2 - IEICE TRANSACTIONS on Information
SP - 945
EP - 954
AU - Daisuke INOUE
AU - Katsunari YOSHIOKA
AU - Masashi ETO
AU - Yuji HOSHIZAWA
AU - Koji NAKAO
PY - 2009
DO - 10.1587/transinf.E92.D.945
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E92-D
IS - 5
JA - IEICE TRANSACTIONS on Information
Y1 - May 2009
AB - Malware has been recognized as one of the major security threats on the Internet. Previous research has mainly focused on malware's internal activity within a system. However, it is crucial that malware analysis also extracts a malware's external activity toward the network, so that it can be correlated with a security incident. We propose a novel way to analyze malware: focus closely on the malware's external (i.e., network) activity. A malware sample is executed on a sandbox that consists of a real machine as the victim and a virtual Internet environment. Since this sandbox environment is totally isolated from the real Internet, executing the sample causes no further unwanted propagation. The sandbox is configurable so as to extract specific activities of malware, such as scan behaviors. We implement a fully automated malware analysis system with the sandbox, which enables us to carry out large-scale malware analysis. We present concrete analysis results obtained by using the proposed system.
ER -