2011 | OriginalPaper | Buchkapitel
TrumanBox: Improving Dynamic Malware Analysis by Emulating the Internet
verfasst von : Christian Gorecki, Felix C. Freiling, Marc Kührer, Thorsten Holz
Erschienen in: Stabilization, Safety, and Security of Distributed Systems
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
Dynamic analysis of malicious software (
malware
) is a powerful tool in countering modern threats on the Internet. In dynamic analysis, a malware sample is executed in a controlled environment and its actions are logged. Through dynamic analysis, an analyst can quickly obtain an overview of malware behavior and can decide whether or not to indulge into tedious manual analysis of the sample. However, usual dynamic analysis exposes the Internet to the threats of an executed malware (like portscans) because advanced concealment techniques of malware often require full Internet access. For example, a missing link to the Internet or the unavailability of a specific server often causes the malware to not trigger its malicious behavior. In this paper, we present
TrumanBox
, a technique to emulate relevant parts of the Internet to enhance dynamic malware analysis. We show that
TrumanBox
not only prevents many threats but also enlarges the scope of the types of malware that can be analyzed dynamically.