Agent-based Vs Agent-less Sandbox for Dynamic Behavioral Analysis

Ali, Muhammad; Shiaeles, Stavros; Papadaki, Maria and Ghita, Bogdan V. 2018. 'Agent-based Vs Agent-less Sandbox for Dynamic Behavioral Analysis'. In: Global Information Infrastructure and Networking Symposium (GIIS 2018). Thessaloniki, Greece 23-25 October 2018. [Conference or Workshop Item]

1904.02100v1.pdf - Accepted Version
Available under License Creative Commons Attribution Non-commercial.

Abstract or Description

Malicious software is detected and classified by either static analysis or dynamic analysis. In static analysis, malware samples are reverse engineered and analyzed so that signatures of malware can be constructed. These techniques can be easily thwarted by polymorphic and metamorphic malware, obfuscation and packing techniques. In dynamic analysis, malware samples are executed in a controlled environment using the sandboxing technique, in order to model the behavior of malware. In this paper, we have analyzed Petya, Spyeye, VolatileCedar, PAFISH etc. through Agent-based and Agentless dynamic sandbox systems in order to investigate and benchmark their efficiency in advanced malware detection.

Item Type:

Conference or Workshop Item (Paper)

Identification Number (DOI):

https://doi.org/10.1109/GIIS.2018.8635598

Additional Information:

This work was supported by CYBER-TRUST project, which has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement no. 786698.

Keywords:

Malware detection, Static analysis, Dynamic analysis, Cuckoo, VMRay

Departments, Centres and Research Units:

Computing

Dates:

Date: 23 October 2018
Event: Published

Event Location:

Thessaloniki, Greece

Date range:

23-25 October 2018

Item ID:

28237

Date Deposited:

03 Mar 2020 16:39

Last Modified:

04 Mar 2020 16:45

URI:

http://research.gold.ac.uk/id/eprint/28237
