2018 Global Information Infrastructure and Networking Symposium (GIIS) 2018
DOI: 10.1109/giis.2018.8635598
Agent-based Vs Agent-less Sandbox for Dynamic Behavioral Analysis

Abstract: Malicious software is detected and classified by either static analysis or dynamic analysis. In static analysis, malware samples are reverse engineered and analysed so that malware signatures can be constructed; these techniques are easily thwarted by polymorphic and metamorphic malware, obfuscation and packing. In dynamic analysis, malware samples are executed in a controlled environment (a sandbox) in order to model the behaviour of the malware. In this paper, we have…

Cited by 11 publications
(3 citation statements)
References 11 publications
“…When detecting that it is being analysed by the sandbox agent, some malware modifies its behaviour, causing the analysis to yield incorrect results. The latest research work suggests [36,37] that traditional sandboxes are not evasion-resistant because they hook data by dropping their agent in a controlled environment that can be easily detected by advanced strains of malware. As a result, they either stop executing or execute with limited functionality.…”
Section: Related Work (mentioning)
confidence: 99%
“…(a) Malware behavioural modelling using an advanced sandbox: In contrast to other studies and research work where traditional sandboxes such as Cuckoo, Norman, Joe, etc. were used to model the behaviour of malware, as in our previous research work [36], we found that they are not so effective in capturing the behaviour of advanced and sophisticated malware; therefore, we have utilised an AI-based sandbox in this work to perform dynamic analysis and to model the behaviour of the malware.…”
Section: N-grams (mentioning)
confidence: 99%
“…For this experiment we utilised an agentless (VMRay Analyzer) and an AI-based (SNDBOX) sandbox. VMRay Analyzer, as aforementioned, is an agentless cloud sandbox solution, and the reason for choosing this platform is that some sophisticated malware usually monitors the running environment and, to prevent its discovery, stops its execution, which provides insignificant features to the analysis (Ali et al., 2018). SNDBOX applies an invisible kernel-mode agent and AI to offer a next-generation sandbox, extending the individual capabilities and expertise of security and research teams through AI, dynamic analysis and network mapping.…”
Section: Virtual Lab (mentioning)
confidence: 99%
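The abstract describes modelling malware behaviour from a sandbox run, and the citing papers above note that a sample which detects the in-guest agent stops executing or runs with limited functionality, so the captured behaviour is incomplete. The following added example (written for this page, not code from the paper or from any of the sandboxes named above) shows both halves in miniature: it turns an API-call trace of the kind a sandbox report contains into an n-gram feature vector, and it flags a trace that looks like the sample aborted after probing its environment so that an analyst does not train on or trust a model built from it. Both traces, the list of probe APIs and the thresholds are constructed assumptions for illustration.

```python
"""Added example: n-gram behaviour features from a sandbox API-call trace,
plus a heuristic that flags traces where the sample probably detected the
analysis environment and bailed out.  Traces, probe list and thresholds are
constructed for this example, not taken from any real sandbox report."""
from collections import Counter

# Constructed trace 1: the sample runs to completion and shows its payload
# behaviour (drops a file, sets a registry value, talks to the network,
# spawns a child process).
FULL_RUN = [
    "GetSystemTime", "CreateFileW", "WriteFile", "CloseHandle",
    "RegOpenKeyExW", "RegSetValueExW", "RegCloseKey",
    "WSAStartup", "socket", "connect", "send", "recv", "closesocket",
    "CreateProcessW", "ExitProcess",
]

# Constructed trace 2: the sample enumerates running processes and reads a
# registry value (typical environment probes), then exits without doing
# anything useful, i.e. the "stop executing" case described above.
EVADED_RUN = [
    "GetSystemTime", "CreateToolhelp32Snapshot", "Process32FirstW",
    "Process32NextW", "Process32NextW",
    "RegOpenKeyExW", "RegQueryValueExW", "ExitProcess",
]

# APIs commonly used to look for an analysis environment.  This is an assumed,
# deliberately short list; a production profile would be broader and tuned.
PROBE_APIS = {
    "CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW",
    "RegQueryValueExW", "IsDebuggerPresent", "GetTickCount",
}
TERMINATORS = {"ExitProcess", "TerminateProcess", "NtTerminateProcess"}


def ngrams(trace, n):
    """Sliding window of n consecutive API names."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


def ngram_features(trace, n=2):
    """Bag-of-n-grams feature vector that models the sample's behaviour."""
    return Counter(ngrams(trace, n))


def looks_evaded(trace, min_calls=10, probe_ratio=0.4):
    """Heuristic: a short trace dominated by environment probes that ends in a
    process exit suggests the sandbox was detected, so any behaviour model
    built from it is unreliable.  Thresholds are assumptions for the example."""
    if not trace or trace[-1] not in TERMINATORS:
        return False
    probes = sum(1 for api in trace if api in PROBE_APIS)
    return len(trace) < min_calls and probes / len(trace) >= probe_ratio


def summarize(trace, n=2):
    """Feature count plus the evasion flag an analyst would check before
    using the trace as training data."""
    feats = ngram_features(trace, n)
    return {
        "calls": len(trace),
        "distinct_ngrams": len(feats),
        "evaded": looks_evaded(trace),
    }


if __name__ == "__main__":
    for name, trace in (("full", FULL_RUN), ("evaded", EVADED_RUN)):
        print(name, summarize(trace))
```

On the constructed input the full run yields 14 distinct bigrams and is not flagged, while the evaded run yields only 7 and is flagged; in practice the flag is the signal to re-run the sample in an agentless sandbox (or one whose agent is hidden from the guest) before trusting the feature vector.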