Abstract
Observing and experimenting with malware under full user control has been complex and difficult, to say the least. As malware grows more advanced, it gains the ability to recognise that the environment it is running in is virtual, at which point it terminates its own process and leaves the analyst unable to investigate further. To combat this problem, a sandbox can be used to test such malware through modifications to the analysis environment. The sandbox provides a disposable virtual environment in which the samples are executed, and modifying that environment allows more controlled and targeted testing. The aim is to bypass the evasion checks of intelligent malware so that in-depth analysis can succeed. Dynamic analysis is performed in two ways: agent-based, using the open-source Cuckoo sandbox, and agent-less, using DRAKVUF, which observes the guest from the hypervisor by means of hardware virtualization extensions. The analysis results are classified against a few pre-defined criteria, including network requests, system injections and modifications, security measures and kernel alterations, ultimately showing which technique is appropriate and reliable for the analysis of prominent malware.
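As an added illustration of the classification step described in the abstract (example code written for this page, not the authors' tooling or any Cuckoo/DRAKVUF module), the script below reduces a constructed behaviour log to the four criteria named above and additionally flags the failure mode the abstract is about: a process that probes for a virtual environment and then exits before producing any classifiable behaviour. The (pid, api, argument) event shape, the API-to-criterion mapping, the probe markers and every event in the sample are assumptions made for the example.

```python
from collections import Counter, defaultdict

# Constructed behaviour events in the (pid, api, argument) shape that an
# agent-based (Cuckoo) or agent-less (DRAKVUF) report can be reduced to.
# None of these events come from a real sample or a real report.
SAMPLE_EVENTS = [
    # pid 1001: probes the hypervisor CPUID leaf and a VirtualBox service key,
    # then exits without doing anything else (environment-aware termination).
    (1001, "CPUID", "leaf=0x40000000"),
    (1001, "RegOpenKeyExW", r"HKLM\SYSTEM\ControlSet001\Services\VBoxGuest"),
    (1001, "NtTerminateProcess", "self"),
    # pid 2002: probes too, but proceeds to behave in all four criteria.
    (2002, "CPUID", "leaf=0x40000000"),
    (2002, "InternetOpenUrlW", "http://example.invalid/beacon"),
    (2002, "WriteProcessMemory", "target_pid=2100"),
    (2002, "CreateRemoteThread", "target_pid=2100"),
    (2002, "NtSetValueKey",
     r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware"),
    (2002, "NtLoadDriver", r"\Registry\Machine\SYSTEM\CurrentControlSet\Services\drv0"),
    (2002, "NtTerminateProcess", "self"),
]

# Assumed mapping from API name to three of the abstract's criteria.
CRITERIA = {
    "network": {"InternetOpenUrlW", "HttpSendRequestW", "DnsQuery_A",
                "connect", "send", "WSAConnect"},
    "injection": {"WriteProcessMemory", "CreateRemoteThread", "NtCreateThreadEx",
                  "NtMapViewOfSection", "SetWindowsHookExW", "NtQueueApcThread"},
    "kernel": {"NtLoadDriver", "ZwLoadDriver", "NtSetSystemInformation",
               "NtSystemDebugControl"},
}
# The "security measures" criterion is decided on the argument, not the API:
# registry paths and names that belong to the guest's security tooling (assumed list).
SECURITY_MARKERS = ("windows defender", "firewallpolicy", "securityhealth",
                    "disableantispyware")
# Strings that indicate the sample is looking for virtualization artifacts (assumed list;
# 0x40000000 is the hypervisor-information CPUID leaf).
PROBE_MARKERS = ("vbox", "vmware", "xen", "qemu", "virtual", "hyper-v",
                 "leaf=0x40000000")


def classify_event(api, arg):
    """Return the criterion an event belongs to, or None for neutral events."""
    low = arg.lower()
    if any(marker in low for marker in SECURITY_MARKERS):
        return "security"
    for name, apis in CRITERIA.items():
        if api in apis:
            return name
    return None


def is_probe(api, arg):
    """True if the event looks like a check for a virtual environment."""
    return any(marker in arg.lower() for marker in PROBE_MARKERS)


def classify(events):
    """Per-process counts of events in each criterion; neutral events are dropped."""
    per_pid = defaultdict(Counter)
    for pid, api, arg in events:
        criterion = classify_event(api, arg)
        if criterion:
            per_pid[pid][criterion] += 1
    return dict(per_pid)


def evasive_pids(events):
    """Processes that probed for virtualization and then exited without any
    event in the four criteria: the sample 'realised' it was sandboxed."""
    probed, acted, exited = set(), set(), set()
    for pid, api, arg in events:
        if is_probe(api, arg):
            probed.add(pid)
        if classify_event(api, arg):
            acted.add(pid)
        if api == "NtTerminateProcess" and arg == "self":
            exited.add(pid)
    return sorted((probed & exited) - acted)


if __name__ == "__main__":
    for pid, counts in classify(SAMPLE_EVENTS).items():
        print(pid, dict(counts))
    print("evasive:", evasive_pids(SAMPLE_EVENTS))
```

The point of the `evasive_pids` check is that a sample such as pid 1001 produces nothing in any of the four criteria, so a report that only counts behaviour would score it as harmless; recording the probe-then-exit pattern separately is what tells the analyst that the environment, not the sample, needs modifying before the run is repeated.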
Copyright information
© 2020 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Muzahid, M.Z., Akram, M.B., Alamgir, A.K.M. (2020). Analysis of Agent-Based and Agent-Less Sandboxing for Dynamic Malware Analysis. In: Bhuiyan, T., Rahman, M.M., Ali, M.A. (eds) Cyber Security and Computer Science. ICONCS 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 325. Springer, Cham. https://doi.org/10.1007/978-3-030-52856-0_6
DOI: https://doi.org/10.1007/978-3-030-52856-0_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-52855-3
Online ISBN: 978-3-030-52856-0
eBook Packages: Computer Science (R0)