Volume 41 Issue 2, Jan. 2019
Guanghui LIANG, Jianmin PANG, Zheng SHAN. Malware Sandbox Evasion Detection Based on Code Evolution[J]. Journal of Electronics & Information Technology, 2019, 41(2): 341-347. doi: 10.11999/JEIT180257

Malware Sandbox Evasion Detection Based on Code Evolution

doi: 10.11999/JEIT180257
Funds: The National Natural Science Foundation of China (61472447, 61802435, 61802433)
  • Received Date: 2018-03-21
  • Rev Recd Date: 2018-11-06
  • Available Online: 2018-11-14
  • Publish Date: 2019-02-01
Abstract: To counter malware sandbox evasion behavior and improve the efficiency of malware analysis, a code-evolution-based technique for detecting sandbox evasion behavior in malware is proposed. The approach first extracts the static and dynamic features of malware and then distinguishes how those features vary as the code evolves under sandbox evasion techniques, which enables effective detection and identification of the malware. With the proposed algorithm, 240 malware samples with sandbox-bypassing behavior from 7 malware families are uncovered successfully. Compared with the JOE analysis system, the proposed algorithm improves accuracy by 12.5% and reduces the false positive rate to 1%, which validates its correctness and effectiveness.
