Design Issues of an Isolated Sandbox Used to Analyze Malwares

"Internet of Things" (IoT) bridges the communication barrier between the computing entities by forming a network between them. With a common solution for control and management of IoT devices, these networks are prone to all types of computing threats. Such networks may experience threats which are launched by exploitation of vulnerabilities that are left unhandled during the testing phases. These are often termed as "zero-day" vulnerabilities, and their conversion into a network attack is named as "zeroday" attack. These attacks can affect the IoT devices by exploiting the defense perimeter of the network. The existing solutions are capable of detecting such attacks but do not facilitate communication, which affects the performance of the network. In this paper, a consensus framework is proposed for mitigation of zero-day attacks in IoT networks. The proposed approach uses context behavior of IoT devices as a detection mechanism followed by alert message protocol and critical data sharing protocol for reliable communication during attack mitigation. The numerical analysis suggests that the proposed approach can serve the purpose of detection and elimination of zero-day attacks in IoT network without compromising its performance.

show abstract

“…Virtualization-based [43][44][45][46][47][48] An environment to analyze malicious behavior in a separated space from actual system is required…”

Section: Motivation and Ourmentioning

confidence: 99%

A Consensus Framework for Reliability and Mitigation of Zero-Day Attacks in IoT

Sharma

Lee

Kwon

et al. 2017

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…The MARS, Malware/Minimal-attack Analysis Result Set [26], is a set of dynamic and static analysis data for the malware samples of the CCC DATAset 2008, 2009, and 2010. One part of the metadata contains the hash digest, file name, file size, file type, detection name, and time stamp of the anti-virus software, as well as the version of the antivirus software with regard to a particular malware sample.…”

Section: Mars For Mwsmentioning

confidence: 99%

Empowering Anti-malware Research in Japan by Sharing the MWS Datasets

Hatada

Akiyama²,

Kasama

2015

Journal of Information Processing

View full text Add to dashboard Cite

Substantial research has been conducted to develop proactive and reactive countermeasures against malware threats. Gathering and analyzing data are widely accepted approaches for accelerating the research towards understanding malware threats. However, collecting useful data is not an easy task for individuals or new researchers owing to several technical barriers, such as conducting honeypot operations securely. The anti-Malware engineering WorkShop (MWS) was organized in 2008 to fill this gap; since then, we have shared datasets that are useful for accelerating the data-driven anti-malware research in Japan. This paper provides the definitive collection of the MWS Datasets that are a collection of different datasets for use in anti-malware research. We also report the effectiveness of the MWS Datasets from the viewpoint of published research papers and how to empower some of the papers by using the MWS Datasets. Furthermore, our discussion about issues of the MWS Datasets reveal the future directions for accelerating anti-malware research from the perspectives of dataset collection activity and dataset use activity.

show abstract

“…The method in [8], [9] provides the mimetic Internet environment in a totally isolated sandbox similar to our method. However, these sandboxes do not provide an effective way to observe the vulnerability exploitation while our sandbox effectively redirects attacks to a honeypot with multiple emulated vulnerabilities for efficiently observe the exploitation.…”

Section: Related Workmentioning

confidence: 99%

Malware Sandbox Analysis for Secure Observation of Vulnerability Exploitation

Yoshioka

Inoue

Eto

et al. 2009

IEICE Trans. Inf. & Syst.

Self Cite

View full text Add to dashboard Cite

SUMMARYExploiting vulnerabilities of remote systems is one of the fundamental behaviors of malware that determines their potential hazards. Understanding what kind of propagation tactics each malware uses is essential in incident response because such information directly links with countermeasures such as writing a signature for IDS. Although recently malware sandbox analysis has been studied intensively, little work is done on securely observing the vulnerability exploitation by malware. In this paper, we propose a novel sandbox analysis method for securely observing malware's vulnerability exploitation in a totally isolated environment. In our sandbox, we prepare two victim hosts. We first execute the sample malware on one of these hosts and then let it attack the other host which is running multiple vulnerable services. As a simple realization of the proposed method, we have implemented a sandbox using Nepenthes, a lowinteraction honeypot, as the second victim. Because Nepenthes can emulate a variety of vulnerable services, we can efficiently observe the propagation of sample malware. In the experiments, among 382 samples whose scan capabilities are confirmed, 381 samples successfully started exploiting vulnerabilities of the second victim. This indicates the certain level of feasibility of the proposed method. key words: malware sandbox analysis, exploit code detection, lowinteraction honeypot

show abstract

Design Issues of an Isolated Sandbox Used to Analyze Malwares

Cited by 19 publications

References 4 publications

A Consensus Framework for Reliability and Mitigation of Zero-Day Attacks in IoT

A Consensus Framework for Reliability and Mitigation of Zero-Day Attacks in IoT

Empowering Anti-malware Research in Japan by Sharing the MWS Datasets

Malware Sandbox Analysis for Secure Observation of Vulnerability Exploitation

Contact Info

Product

Resources

About