Enhancing malware analysis sandboxes with emulated user behavior

Liu, Songsong; Feng, Pengbin; Wang, Shu; Sun, Kun; Cao, Jiahao

doi:10.1016/j.cose.2022.102613

Cited by 20 publications

(8 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In addition, fine-tuning neurons in the running layers could significantly affect deep learning prediction accuracy and minimize the elapsed time (time consumption by training and testing pipelines). Hence, the dual deep learning predictive model like that of CNN-BiLSTM architecture could emulate the training imbalanced cyber-data stream into an informative feature space without compromising its effectiveness and efficiency in a sandboxing context [42], [43]. According to the results shown in Table 5, our technique offers comparable accuracy, recall, and precision to the current state-of-the-art models.…”

Section: Resultsmentioning

confidence: 89%

Deep learning in phishing mitigation: a uniform resource locator-based predictive model

Salah

Zuhair

2023

IJECE

View full text Add to dashboard Cite

<span lang="EN-US">To mitigate the evolution of phish websites, various phishing prediction8 schemes are being optimized eventually. However, the optimized methods produce gratuitous performance overhead due to the limited exploration of advanced phishing cues. Thus, a phishing uniform resource locator-based predictive model is enhanced by this work to defeat this deficiency using deep learning algorithms. This model’s architecture encompasses pre-processing of the effective feature space that is made up of 60 mutual uniform resource locator (URL) phishing features, and a dual deep learning-based model of convolution neural network with bi-directional long short-term memory (CNN-BiLSTM). The proposed predictive model is trained and tested on a dataset of 14,000 phish URLs and 28,074 legitimate URLs. Experimentally, the performance outputs are remarked with a 0.01% false positive rate (FPR) and 99.27% testing accuracy.</span>

show abstract

Section: Resultsmentioning

confidence: 89%

Deep learning in phishing mitigation: a uniform resource locator-based predictive model

Salah

Zuhair

2023

IJECE

View full text Add to dashboard Cite

show abstract

“…• Licensing Model: If the malware sandbox has an opensource or commercial license. [18], [52], [8], [25], [34].…”

Section: Discussionmentioning

confidence: 99%

“…Liu et al [18] proposed a system called User Behavior Emulator (UBER) designed to enhance malware analysis sandboxes by generating realistic system artefacts based on automatically derived user profile models. UBER aimed to prevent sandbox detection by malware leveraging system fingerprinting.…”

Section: Chen Et Almentioning

confidence: 99%

Unveiling the Dynamic Landscape of Malware Sandboxing: A Comprehensive Review

Debas,

Alhumam,

Riad

2024

IJACSA

View full text Add to dashboard Cite

In contemporary times, the landscape of malware analysis has advanced into an era of sophisticated threat detection. Today's malware sandboxes conduct rudimentary analyses and have evolved to incorporate cutting-edge artificial intelligence and machine learning capabilities. These advancements empower them to discern subtle anomalies and recognize emerging threats with a heightened level of accuracy. Moreover, malware sandboxes have adeptly adapted to counteract evasion tactics, creating a more realistic and challenging environment for malicious entities attempting to detect and evade analysis. This paper delves into the maturation of malware sandbox technology, tracing its progression from basic analysis to the intricate realm of advanced threat hunting. At the core of this evolution is the instrumental role played by malware sandboxes in providing a secure and dynamic environment for the in-depth examination of malicious code, contributing significantly to the ongoing battle against evolving cyber threats. In addressing the ongoing challenges of evasive malware detection, the focus lies on advancing detection mechanisms, leveraging machine learning models, and evolving malware sandboxes to create adaptive environments. Future efforts should prioritize the creation of comprehensive datasets, distinguish between legitimate and malicious evasion techniques, enhance detection of unknown tactics, optimize execution environments, and enable adaptability to zero-day malware through efficient learning mechanisms, thereby fortifying cybersecurity defences against emerging threats.

show abstract

“…Há esforços da comunidade acadêmica para minimizar as chances de detecção do ambiente controlado. Em [Liu et al 2022], os autores propõem a emulação de comportamentos de usuários reais no sistema. Já a pesquisa [Mills and Legg 2020] investiga as técnicas anti-evasion por meio de reconfiguração da sandbox.…”

Section: Funcionamento Da Análise Automatizadaunclassified

Introdução à Análise de Códigos Maliciosos para ambiente Windows

Marinho

Santos²,

Filho

et al. 2022

Minicursos Do XXII Simpósio Brasileiro De Segurança Da Informação E De Sistemas Computacionais

View full text Add to dashboard Cite

Malicious code analysis aims at a deep understanding of how malware works, what tactics, techniques and procedures are used, what tools are applied, if there are network operations, file exfiltration, capture of user information or the system, among other activities. In this mini-course, participants will be trained in malicious code analysis techniques for the Windows environment. The course applies a methodology that seeks, incrementally, to aggregate new information about the malware at each stage, comprising the following stages: binary profiling (OSINT), fully automated analysis, binary properties analysis, behavior analysis and manual reverse analysis. ResumoA análise de código malicioso visa o entendimento profundo do funcionamento de um malware, como ele atua, quais as táticas, técnicas e procedimentos são utilizados, quais ferramentas são empregadas, se há operações de rede, exfiltração de arquivos, captura de informações do usuário ou do sistema, entre outras atividades. Neste minicurso os participantes serão capacitados nas técnicas de análise de códigos maliciosos para o ambiente Windows. O curso aplica uma metodologia, que busca, de forma incremental, agregar novas informações sobre o malware em cada estágio, compreendendo os seguintes estágios: profiling do binário (OSINT), análise totalmente automatizada, análise de propriedades do binário, análise de comportamento e análise reversa manual.

show abstract

Enhancing malware analysis sandboxes with emulated user behavior

Cited by 20 publications

References 9 publications

Deep learning in phishing mitigation: a uniform resource locator-based predictive model

Deep learning in phishing mitigation: a uniform resource locator-based predictive model

Unveiling the Dynamic Landscape of Malware Sandboxing: A Comprehensive Review

Introdução à Análise de Códigos Maliciosos para ambiente Windows

Contact Info

Product

Resources

About