Malware Sandbox Analysis with Efficient Observation of Herder's Behavior

Behavior Abstraction in Malware Analysis

trace language Abstract a trace language L by reducing it w.r.t. a behavior pattern Ba trace language L by reducing it w.r.t. a behavior pattern B

SandPrint: Fingerprinting Malware Sandboxes to Provide Intelligence for Sandbox Evasion

To cope with the ever-increasing volume of malware samples, automated program analysis techniques are inevitable. Malware sandboxes in particular have become the de facto standard to extract a program’s behavior. However, the strong need to automate program analysis also bears the risk that anyone that can submit programs to learn and leak the characteristics of a particular sandbox. We introdu...

Your Sandbox is Blinded: Impact of Decoy Injection to Public Malware Analysis Systems

The use of public Malware Sandbox Analysis Systems (public MSASs) which receive online submissions of possibly malicious files or URLs from an arbitrary user, analyze their behavior by executing or visiting them by a testing environment (i.e., a sandbox), and send analysis reports back to the user, has increased in popularity. Consequently, anti-analysis techniques have also evolved from known ...

Behavior-based Malware Detection with Quantitative Data Flow Analysis

Automated Malware Analysis System and Its Sandbox for Revealing Malware's Internal and External Activities

Malware has been recognized as one of the major security threats in the Internet. Previous researches have mainly focused on malware’s internal activity in a system. However, it is crucial that the malware analysis extracts a malware’s external activity toward the network to correlate with a security incident. We propose a novel way to analyze malware: focus closely on the malware’s external (i...