Research field: Safety
Conference: 2023 14th International Conference on Computing Communication and Networking Technologies (ICCCNT)
Malware is an extensively researched topic, and its study is an important domain in the realm of cybersecurity. As the creativity and number of hackers and malicious users increase, it becomes incredibly important for cybersecurity professionals to stay wary of existing malware while also being able to recognize suspicious file activity. Static analysis and dynamic analysis of a particular file is an approach that can help identify the fundamental fault in a particular exe file while also observing it for a period of time to see what type of actions it takes. To do so, the file needs to be suspended in a virtual environment where it cannot harm the system, which is implemented through Docker. Not only does this prevent the file from causing issues, but the level of inspection is also increased while protecting the security of the system. For the crux of this study, the proposed architecture will deal with two primary types of analysis, namely static analysis and dynamic analysis. The former will cover most of the existing techniques used for static analysis, such as checksums of viruses and PE analysis, while the latter will cover utilities that observe the behavior of the inspected file in an isolated environment, ranging from its memory information to its TCP dump. Finally, the two will be integrated for a full scan in a virtual environment to ensure that the virtual machine can utilize this integrated sandbox to its best potential.
| Publication year | 2023 |
|---|---|
| Citations | 4 |
| Country of publication | Andorra |
| Site | IEEE |