Agent-based vs agent-less sandbox for dynamic behavioral analysis

Muhammad Ali; Stavros Shiaeles; Maria Papadaki; Bogdan V. Ghita

doi:10.1109/GIIS.2018.8635598

Agent-based vs agent-less sandbox for dynamic behavioral analysis

Muhammad Ali, Stavros Shiaeles, Maria Papadaki, Bogdan V. Ghita

School of Computing

University of Plymouth

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

257 Downloads (Pure)

Abstract

Malicious software is detected and classified by either static analysis or dynamic analysis. In static analysis, malware samples are reverse engineered and analyzed so that signatures of malware can be constructed. These techniques can be easily thwarted through polymorphic, metamorphic malware, obfuscation and packing techniques, whereas in dynamic analysis malware samples are executed in a controlled environment using the sandboxing technique, in order to model the behavior of malware. In this paper, we have analyzed Petya, Spyeye, VolatileCedar, PAFISH etc.Through Agent-based and Agentless dynamic sandbox systems in order to investigate and benchmark their efficiency in advanced malware detection.

Original language	English
Title of host publication	2018 Global Information Infrastructure and Networking Symposium, GIIS 2018
Publisher	Institute of Electrical and Electronics Engineers Inc.
Number of pages	5
ISBN (Electronic)	978-1-5386-7272-3
ISBN (Print)	978-1-5386-7273-0
DOIs	https://doi.org/10.1109/GIIS.2018.8635598
Publication status	Published - 7 Feb 2019
Event	2018 Global Information Infrastructure and Networking Symposium - Thessaloniki, Greece Duration: 23 Oct 2018 → 25 Oct 2018

Publication series

Name	2018 Global Information Infrastructure and Networking Symposium, GIIS 2018
Publisher	IEEE
ISSN (Print)	2379-3783
ISSN (Electronic)	2150-329X

Conference

Conference	2018 Global Information Infrastructure and Networking Symposium
Abbreviated title	GIIS 2018
Country/Territory	Greece
City	Thessaloniki
Period	23/10/18 → 25/10/18

Keywords

Cuckoo
Dynamic analysis
Malware detection
Static analysis
VMRay

Access to Document

10.1109/GIIS.2018.8635598

Agentbased_Vs_Agentless_Sandbox_for_doing_Dynamic_Behavioral_Analysis_Final v2
© © 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Accepted author manuscript (Post-print), 539 KB

Cite this

Ali, M., Shiaeles, S., Papadaki, M., & Ghita, B. V. (2019). Agent-based vs agent-less sandbox for dynamic behavioral analysis. In 2018 Global Information Infrastructure and Networking Symposium, GIIS 2018 Article 8635598 (2018 Global Information Infrastructure and Networking Symposium, GIIS 2018). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/GIIS.2018.8635598

@inproceedings{1de914fccbab46a1b9635a2d2138974b,

title = "Agent-based vs agent-less sandbox for dynamic behavioral analysis",

abstract = "Malicious software is detected and classified by either static analysis or dynamic analysis. In static analysis, malware samples are reverse engineered and analyzed so that signatures of malware can be constructed. These techniques can be easily thwarted through polymorphic, metamorphic malware, obfuscation and packing techniques, whereas in dynamic analysis malware samples are executed in a controlled environment using the sandboxing technique, in order to model the behavior of malware. In this paper, we have analyzed Petya, Spyeye, VolatileCedar, PAFISH etc.Through Agent-based and Agentless dynamic sandbox systems in order to investigate and benchmark their efficiency in advanced malware detection.",

keywords = "Cuckoo, Dynamic analysis, Malware detection, Static analysis, VMRay",

author = "Muhammad Ali and Stavros Shiaeles and Maria Papadaki and Ghita, {Bogdan V.}",

year = "2019",

month = feb,

day = "7",

doi = "10.1109/GIIS.2018.8635598",

language = "English",

isbn = "978-1-5386-7273-0",

series = "2018 Global Information Infrastructure and Networking Symposium, GIIS 2018",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "2018 Global Information Infrastructure and Networking Symposium, GIIS 2018",

address = "United States",

note = "2018 Global Information Infrastructure and Networking Symposium, GIIS 2018 ; Conference date: 23-10-2018 Through 25-10-2018",

}

Ali, M, Shiaeles, S, Papadaki, M & Ghita, BV 2019, Agent-based vs agent-less sandbox for dynamic behavioral analysis. in 2018 Global Information Infrastructure and Networking Symposium, GIIS 2018., 8635598, 2018 Global Information Infrastructure and Networking Symposium, GIIS 2018, Institute of Electrical and Electronics Engineers Inc., 2018 Global Information Infrastructure and Networking Symposium, Thessaloniki, Greece, 23/10/18. https://doi.org/10.1109/GIIS.2018.8635598

Agent-based vs agent-less sandbox for dynamic behavioral analysis. / Ali, Muhammad; Shiaeles, Stavros; Papadaki, Maria et al.
2018 Global Information Infrastructure and Networking Symposium, GIIS 2018. Institute of Electrical and Electronics Engineers Inc., 2019. 8635598 (2018 Global Information Infrastructure and Networking Symposium, GIIS 2018).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Agent-based vs agent-less sandbox for dynamic behavioral analysis

AU - Ali, Muhammad

AU - Shiaeles, Stavros

AU - Papadaki, Maria

AU - Ghita, Bogdan V.

PY - 2019/2/7

Y1 - 2019/2/7

N2 - Malicious software is detected and classified by either static analysis or dynamic analysis. In static analysis, malware samples are reverse engineered and analyzed so that signatures of malware can be constructed. These techniques can be easily thwarted through polymorphic, metamorphic malware, obfuscation and packing techniques, whereas in dynamic analysis malware samples are executed in a controlled environment using the sandboxing technique, in order to model the behavior of malware. In this paper, we have analyzed Petya, Spyeye, VolatileCedar, PAFISH etc.Through Agent-based and Agentless dynamic sandbox systems in order to investigate and benchmark their efficiency in advanced malware detection.

AB - Malicious software is detected and classified by either static analysis or dynamic analysis. In static analysis, malware samples are reverse engineered and analyzed so that signatures of malware can be constructed. These techniques can be easily thwarted through polymorphic, metamorphic malware, obfuscation and packing techniques, whereas in dynamic analysis malware samples are executed in a controlled environment using the sandboxing technique, in order to model the behavior of malware. In this paper, we have analyzed Petya, Spyeye, VolatileCedar, PAFISH etc.Through Agent-based and Agentless dynamic sandbox systems in order to investigate and benchmark their efficiency in advanced malware detection.

KW - Cuckoo

KW - Dynamic analysis

KW - Malware detection

KW - Static analysis

KW - VMRay

UR - http://www.scopus.com/inward/record.url?scp=85062843501&partnerID=8YFLogxK

UR - http://giis-2018.org/

UR - https://pearl.plymouth.ac.uk/handle/10026.1/14703

U2 - 10.1109/GIIS.2018.8635598

DO - 10.1109/GIIS.2018.8635598

M3 - Conference contribution

AN - SCOPUS:85062843501

SN - 978-1-5386-7273-0

T3 - 2018 Global Information Infrastructure and Networking Symposium, GIIS 2018

BT - 2018 Global Information Infrastructure and Networking Symposium, GIIS 2018

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2018 Global Information Infrastructure and Networking Symposium

Y2 - 23 October 2018 through 25 October 2018

ER -

Agent-based vs agent-less sandbox for dynamic behavioral analysis

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this