Multi-pass malware sandbox analysis with controlled internet connection

IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

Volumn E93-A, Issue 1, 2010, Pages 210-218

  Yoshioka, Katsunari ^a   Matsumoto, Tsutomu ^a  

^a YOKOHAMA NATIONAL UNIVERSITY   (Japan)

Author keywords

Malware sandbox analysis; Multi pass analysis

Indexed keywords

COMPUTER CRIME; DENIAL-OF-SERVICE ATTACK; HTTP; INTERNET; INTERNET PROTOCOLS;

ANALYSIS SYSTEM; APPLICATION PROTOCOLS; HONEYPOTS; INTERNET CONNECTION; MALWARE BEHAVIORS; MULTI-PASS; REMOTE HOST; TESTING ENVIRONMENT;

MALWARE;

EID: 77950656508     PISSN: 09168508     EISSN: 17451337     Source Type: Journal    
DOI: 10.1587/transfun.E93.A.210     Document Type: Conference Paper

References (18)

1. P. Baecher, M. Koetter, T. Holz, M. Dornseif, and F.C. Freiling, "The nepenthes platform: An efficient approach to collect malware," 9th International Symposium on Recent Advances in Intrusion Detection (RAID 2006), pp.165-184, 2006.
2. M. Bailey, J. Oberheide, J. Andersen, Z.M. Mao, F. Jahanian, and J. Nazario, "Automated classification and analysis of Internet malware," Proc. Recent Advances in Intrusion Detection, RAID07, LNCS vol.4637, pp.178-197, 2007.
3. U. Bayer, C. Kruegel, and E. Kirda, "TTAnalyze: A tool for analyzing malware," 15th Annual Conference of the European Institute for Computer Antivirus Research (EICAR), 2006.
4. X. Chen, J. Andersen, Z.M. Mao, M. Bailey, and J. Nazario, "Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware," 38th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2008), 2008.
5. H. Father, "Hooking windows API-Technics of hooking API functions on windows," CodeBreakers J., vol.1, no.2, 2004.
6. D. Inoue, K. Yoshioka, M. Eto, Y. Hoshizawa, and K. Nakao, "Malware behavior analysis in isolated miniature network for revealing malware's network activity," IEEE International Conference on Communications (ICC 2008), pp.1715-1721, 2008.
7. S. Miwa, T. Miyachi, M. Eto, M. Yoshizumi, and Y. Shinoda, "Design and implementation of an isolated sandbox with mimetic Internet used to analyze malwares," Proc. DETER Community Workshop on Cyber Security Experimentation and Test, 2007.
8. M.A. Rajab, J. Zarfoss, F. Monrose, and A. Terzis, "A multifaceted approach to understanding the botnet phenomenon," Proc. 6th ACM SIGCOMM Conference on Internet Measurement, pp.41-52, 2006.
9. M. Vrable, J. Ma, J. Chen, D. Moore, E. Vandekieft, A.C. Snoeren, G.M. Voelker, and S. Savage, "Scalability, fidelity, and containment in the potemkin virtual honeyfarm," ACM SIGOPS Operating Systems Review, vol.39, no.5, pp.148-162, 2005.
10. C. Willems, T. Holz, and F. Freiling, "Toward automated dynamic malware analysis using CWSandbox," IEEE Security & Privacy Magazine, vol.5, no.2, pp.32-39, 2007.
11. CW Sandbox, http://www.cwsandbox.org/
12. Anubis, http://analysis.seclab.tuwien.ac.at/
13. NORMAN Sandbox Information Center, http://www.norman.com/microsites/nsic/
14. Sourcefire Vulnerability Research Team (VRT) Certified Rules, http://www.snort.org/vrt/
15. virustotal, http://www.virustotal.com/
16. Joebox, http://www.joebox.org/
17. FileMon and RegMon for Windows, http://technet.microsoft.com/en-us/ sysinternals/
18. InCTRL Reporting & Analysis, Measuretronix Ltd. http://www.