Dynamic Malware Analysis Using Cuckoo Sandbox

Jamalpur, Sainadh; Navya, Yamini Sai; Raja, Perla; Tagore, Gampala; Rao, Ganga Rama Koteswara

doi:10.1109/icicct.2018.8473346

Cited by 37 publications

(16 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Common behaviors include modification of key registry of the system, and use of network communication resources, files, and mutex resources. There are many automated tools supporting behavior analysis such as Cuckoo [12], CWSandbox [13], and Ether [14]. Behavior-based methods can identify the type of malware and unrecognized malicious processes at runtime, so as to detect unknown malware.…”

Section: Traditional Malware Detection Approachesmentioning

confidence: 99%

MalCaps: A Capsule Network Based Model for the Malware Classification

Zhang

Chen

et al. 2021

Processes

View full text Add to dashboard Cite

The research on malware detection enabled by deep learning has become a hot issue in the field of network security. The existing malware detection methods based on deep learning suffer from some issues, such as weak ability of deep feature extraction, relatively complex model, and insufficient ability of model generalization. Traditional deep learning architectures, such as convolutional neural networks (CNNs) variants, do not consider the spatial hierarchies between features, and lose some information on the precise position of a feature within the feature region, which is crucial for a malware file which has specific sections. In this paper, we draw on the idea of image classification in the field of computer vision and propose a novel malware detection method based on capsule network architecture with hyper-parameter optimized convolutional layers (MalCaps), which overcomes CNNs limitations by removing the need for a pooling layer and introduces capsule layers. Firstly, the malware is transformed into a grayscale image. Then, the dynamic routing-based capsule network is used to detect and classify the image. Without advanced feature extraction and with only a small number of labeled samples, the presented method is tested on an unbalanced Microsoft Malware Classification Challenge (MMCC) dataset and experimental results produce testing accuracy of 99.34%, improving on a number of traditional deep learning models posited in recent malware classification literature.

show abstract

Section: Traditional Malware Detection Approachesmentioning

confidence: 99%

MalCaps: A Capsule Network Based Model for the Malware Classification

Zhang

Chen

et al. 2021

Processes

View full text Add to dashboard Cite

show abstract

“…The Cuckoo sandbox [21] is an open source dynamic malware binary analysis tool, which is used for malware analysis in virtual environment. It can analyze number of applications as API calls and different types of malicious files.…”

Section: Cuckoo Sandboxmentioning

confidence: 99%

Detection of Malicious Servers for Preventing Client-Side Attacks

Bux

Yousaf

Jalbani

et al. 2021

Mehran Univ. res. j. eng. technol.

View full text Add to dashboard Cite

The number of client-side attacks is increasing day-by-day. These attacks are launched by using various methods like phishing, drive-by downloads, click-frauds, social engineering, scareware, and ransomware. To get more advantage with less exertion and time, the attackers are focus on the clients, rather than servers which are more secured as compared to the clients. This makes clients as an easy target for the attackers on the Internet. A number of systems/tools have been created by the security community with various functions for detection of client-side attacks. The discovery of malicious servers that launch the client side attacks can be characterized in two types. First to detect malicious servers with passive detection which is often signature based. Second to detect the malicious servers with active detection often with dynamic malware analysis. Current systems or tools have more focus on identifying malicious servers rather than preventing the clients from those malicious servers. In this paper, we have proposed a solution for the detection and prevention of malicious servers that use the Bro Intrusion Detection System (IDS) and VirusTotal API 2.0. The detected malicious link is then blocked at the gateway.

show abstract

“…Sandbox environments are commonly used for malware analysis [18], often achieved using a Virtual Machine to examine the behaviour of malware when executed. Cuckoo sandbox [15] is an excellent tool for malware analysis, however a limiting factor is that Cuckoo is designed for a single virtual environment rather than monitoring propagation of malware across machines. We, therefore, develop a custom environment based on Cuckoo but that can support and gather data from multiple targets.…”

Section: Experimental Environmentmentioning

confidence: 99%

Investigating Malware Propagation and Behaviour Using System and Network Pixel-Based Visualisation

Williams

Legg

2021

SN COMPUT. SCI.

View full text Add to dashboard Cite

Malicious software, known as malware, is a perpetual game of cat and mouse between malicious software developers and security professionals. Recent years have seen many high profile cyber attacks, including the WannaCry and NotPetya ransomware attacks that resulted in major financial damages to many businesses and institutions. Understanding the characteristics of such malware, including how malware can propagate and interact between systems and networks is key for mitigating these threats and containing the infection to avoid further damage. In this study, we present visualisation techniques for understanding the propagation characteristics in dynamic malware analysis. We propose the use of pixel-based visualisations to convey large-scale complex information about network hosts in a scalable and informative manner. We demonstrate our approach using a virtualised network environment, whereby we can deploy malware variants and observe their propagation behaviours. As a novel form of visualising system and network activity data across a complex environment, we can begin to understand visual signatures that can help analysts identify key characteristics of the malicious behaviours, and, therefore, provoke response and mitigation against such attacks.

show abstract

Dynamic Malware Analysis Using Cuckoo Sandbox

Cited by 37 publications

References 2 publications

MalCaps: A Capsule Network Based Model for the Malware Classification

MalCaps: A Capsule Network Based Model for the Malware Classification

Detection of Malicious Servers for Preventing Client-Side Attacks

Investigating Malware Propagation and Behaviour Using System and Network Pixel-Based Visualisation

Contact Info

Product

Resources

About