Skip to main content
SpringerLink
Log in

Analysis of Agent-Based and Agent-Less Sandboxing for Dynamic Malware Analysis

  • Conference paper
  • First Online:
Cyber Security and Computer Science (ICONCS 2020)

Included in the following conference series:

  • 1213 Accesses

Abstract

Observing and experimenting with malware with full user control have been complex and difficult to say the least. As time goes on, malwares are becoming more advanced and has the ability to realize that the environment they are targeting is virtual, thus shutting their process and leaves the testers unable to analyze further. To combat this problem, a sandbox can be used to test these malwares through modifications. The sandbox is needed to create a dummy virtual environment to test the malwares on, and modifications on the said environment will allow more controlled and specified testing. Bypassing intelligent Malware for in depth analysis will be successful. Dynamic analysis will be performed, specifically agent-based using Cuckoo open-source sandbox and agent-less using DRAKVUF by hypervisor and virtualization extension. Analysis result will be classified over few pre-defined criteria including network requests, system injections and modifications, security measures and kernel alteration; ultimately proving which technique is appropriate and reliable for prominent malware analysis.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 119.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 159.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. DuPaul, N.: Common malware types: Cybersecurity 101 (2019). https://www.veracode.com/blog/2012/10/common-malware-types-cybersecurity-101. Accessed 24 Jan 2020

  2. Bulazel, A., Yener, B.: A survey on automated dynamic malware analysis evasion and counter-evasion: PC, Mobile, and Web. In: Proceedings of the 1st Reversing and Offensive-oriented Trends Symposium (ROOTS), pp. 1–21. Association for Computing Machinery, New York (2017). Article 2. https://doi.org/10.1145/3150376.3150378

  3. Stefnisson, S.: Evasive malware now a commodity (2018). https://www.security-week.com/evasive-malware-now-commodity. Accessed 24 Jan 2020

  4. Maass, M.: A Theory and Tools for Applying Sandboxes Effectively (2018). https://doi.org/10.1184/R1/6714425

  5. AV-TEST GmbH: Malware statistics & trends report|av-test (2019). https://www.av-test.org/en/statistics/malware.html. Accessed 24 Jan 2020

  6. Akbanov, M., Vassilakis, V., Logothetis, M.D.: Ransomware detection and mitigation using software-defined networking: the case of WannaCry. Comput. Electr. Eng. 76, 111–121 (2019). https://doi.org/10.1016/j.compeleceng.2019.03.012

    Article  Google Scholar 

  7. Chailytko, A., Skuratovich, S.: Defeating sandbox evasion: how to increase the successful emulation rate in your virtual environment. In: ShmooCon (2017)

    Google Scholar 

  8. Muhammad, A., Shiaeles, S., Ghita, B.V. and Papadaki, M.: Agent-based vs agent-less sandbox for dynamic behavioral analysis (2018). https://doi.org/10.1109/GIIS.2018.8635598

  9. Marchetto, V., Liu, X.: An investigation of cryptojacking: malware analysis and defense strategies. J. Strateg. Innov. Sustain. 14(1) (2019). https://doi.org/10.33423/jsis.v14i1.987

  10. Rubio-Ayala, S.: An automated behaviour-based malware analysis method based on free open source software, p. 111 (2017)

    Google Scholar 

  11. Lengyel, T.K., Maresca, S., Payne, B.D., Webster, G.D., Vogl, S., Kiayias, A.: Scalability, fidelity and stealth in the DRAKVUF dynamic malware analysis system (2014). https://doi.org/10.1145/2664243.2664252

  12. Lin, C., Pao, H., Liao, J.: Efficient dynamic malware analysis using virtual time control mechanics. Comput. Secur. 73, 359–373 (2018). https://doi.org/10.1016/j.cose.2017.11.010. ISSN 0167-4048

    Article  Google Scholar 

  13. Tanda, S.: Monitoring & controlling kernel-mode events by hyperplatform. In: REcon Conference, Montreal, Canada (2016). https://doi.org/10.5446/32745

  14. Brengel, M., Backes, M., Rossow, C.: Detecting hardware-assisted virtualization. In: Caballero, J., Zurutuza, U., Rodríguez, Ricardo J. (eds.) DIMVA 2016. LNCS, vol. 9721, pp. 207–227. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-40667-1_11

    Chapter  Google Scholar 

  15. Bolzoni, D., Schade, C., Etalle, S.: A cuckoo’s egg in the malware nest: on-the-fly signature-less malware analysis, detection, and containment for large networks. In: The Past, Present, and Future of System Administration: Proceedings of the 25th Large Installation System Administration Conference, LISA 2011, 4–9 December 2011, Boston, MA, USA (2011)

    Google Scholar 

  16. Nativ, Y.: The Zoo – A Live Malware Repository (2019). https://github.com/ytisf/theZoo. Accessed 24 Jan 2020

  17. Botacin, M.F., de Geus, P.L., Grégio, A.R.A.: The other guys: automated analysis of marginalized malware. J. Comput. Virol. Hack. Tech. 14(1), 87–98 (2017). https://doi.org/10.1007/s11416-017-0292-8

    Article  Google Scholar 

  18. Sistemas, H.: VirusTotal (2020). https://www.virustotal.com/gui/home/upload. Accessed 24 Jan 2020

  19. Berlin, K., Slater, D., Saxe, J: Malicious behavior detection using windows audit logs (2015). https://doi.org/10.1145/2808769.2808773

  20. Shibahara, T., Yagi, T., Akiyama, M., Chiba, D., Yada, T.: Efficient dynamic malware analysis based on network behavior using deep learning, pp. 1–7 (2016). https://doi.org/10.1109/glocom.2016.7841778

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, University of Dhaka, Dhaka, Bangladesh

    Md. Zaki Muzahid, Mahsin Bin Akram & A. K. M. Alamgir

Authors
  1. Md. Zaki Muzahid
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mahsin Bin Akram
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. A. K. M. Alamgir
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Md. Zaki Muzahid .

Editor information

Editors and Affiliations

  1. Daffodil International University, Dhaka, Bangladesh

    Touhid Bhuiyan

  2. Daffodil International University, Dhaka, Bangladesh

    Md. Mostafijur Rahman

  3. Daffodil International University, Dhaka, Bangladesh

    Md. Asraf Ali

Rights and permissions

Reprints and permissions

Copyright information

© 2020 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Muzahid, M.Z., Akram, M.B., Alamgir, A.K.M. (2020). Analysis of Agent-Based and Agent-Less Sandboxing for Dynamic Malware Analysis. In: Bhuiyan, T., Rahman, M.M., Ali, M.A. (eds) Cyber Security and Computer Science. ICONCS 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 325. Springer, Cham. https://doi.org/10.1007/978-3-030-52856-0_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-52856-0_6

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-52855-3

  • Online ISBN: 978-3-030-52856-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation