Dynamic Malware Analysis Using a Sandbox Environment, Network Traffic Logs, and Artificial Intelligence.
DOI: https://doi.org/10.22399/ijcesen.460
Keywords: Artificial intelligence, Machine Learning, Cyber security, malware analysis, sandbox, network logs
Abstract
Dynamic malware analysis plays a pivotal role in modern cybersecurity, offering insight into malware behaviour by executing samples and observing the network traffic they generate. In this study we present a comprehensive approach to dynamic malware analysis that combines a sandbox environment with network traffic logs. Benign and malicious software samples were executed in a Windows virtual machine running under Oracle VirtualBox, with each run orchestrated by Python scripts. Network services were emulated with tools from the REMnux distribution, INetSim and FakeDNS, to simulate realistic network interactions during malware execution. The traffic captured during each run was written to pcap files, preprocessed, and reduced to features that capture the sample's behavioural patterns and network indicators. Machine learning models were then trained on these features to classify samples as benign or malicious. Our findings underscore the efficacy of dynamic analysis coupled with machine learning in detecting and classifying malware variants by their network behaviour. This research contributes to techniques for real-time threat detection and response, and emphasises the importance of dynamic malware analysis in mitigating evolving cyber threats.
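The pipeline the abstract describes (sandbox run, pcap, feature extraction, classifier) can be sketched end to end in the language the authors use for orchestration. The block below is an added example, not the paper's code or data: it parses a libpcap file with nothing but the standard library, derives a handful of behavioural features of the kind a network-log classifier would consume (DNS query counts, SYN attempts, non-standard destination ports, domain-name entropy), and classifies with a nearest-centroid model as a stand-in for the paper's ML models. The two-host lab layout (a guest at 10.0.0.5 talking only to a REMnux box at 10.0.0.1), the packets and the domain names are all constructed here for illustration.

```python
"""Added example (not the paper's code): parse a libpcap capture with only the standard library,
derive behavioural network features and classify them with a nearest-centroid stand-in for the
paper's ML models. All captures, addresses and domain names below are constructed."""
import math
import struct
from collections import Counter

FEATURE_KEYS = ["packets", "bytes", "udp_packets", "tcp_packets", "dns_queries", "tcp_syn",
                "tcp_nonstd_port", "unique_dst_ips", "unique_dst_ports", "unique_domains",
                "max_domain_entropy"]
PCAP_MAGIC = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}  # magic read as "<I" reveals the file's byte order

# Frame builders, used only to construct the sample captures further down.
def eth_ipv4(src, dst, proto, payload):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + payload  # zeroed MACs, EtherType 0x0800 (IPv4)

def udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def tcp_syn(sport, dport):  # 20-byte TCP header carrying only the SYN flag
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)

def dns_query(qname):  # standard query with a single A/IN question
    labels = b"".join(bytes([len(x)]) + x.encode() for x in qname.split("."))
    return struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!HH", 1, 1)

def build_pcap(frames):  # libpcap global header (link type 1 = Ethernet) plus one record per frame
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return head + b"".join(struct.pack("<IIII", i, 0, len(f), len(f)) + f for i, f in enumerate(frames))

def iter_frames(pcap):
    """Yield raw frames from a libpcap file (pcapng and nanosecond variants are not handled)."""
    endian, off = PCAP_MAGIC[struct.unpack_from("<I", pcap, 0)[0]], 24
    while off + 16 <= len(pcap):
        incl_len, = struct.unpack_from(endian + "I", pcap, off + 8)
        yield pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len

def dns_qname(buf, off):
    """Decode an uncompressed DNS name; stops at the root label or at a compression pointer."""
    labels = []
    while off < len(buf) and buf[off] and not buf[off] & 0xC0:
        labels.append(buf[off + 1:off + 1 + buf[off]].decode("ascii", "replace"))
        off += 1 + buf[off]
    return ".".join(labels)

def entropy(s):  # Shannon entropy in bits per character; high for DGA-style labels
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def extract_features(pcap):
    f, dst_ips, dst_ports, domains = dict.fromkeys(FEATURE_KEYS, 0), set(), set(), set()
    for frame in iter_frames(pcap):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # ARP, IPv6 and the like are ignored in this example
        l4, proto = frame[14 + (frame[14] & 0x0F) * 4:], frame[23]  # skip IP header (IHL), read protocol
        f["packets"], f["bytes"] = f["packets"] + 1, f["bytes"] + len(frame)
        dst_ips.add(".".join(map(str, frame[30:34])))
        if len(l4) < 8:
            continue
        dport, = struct.unpack_from("!H", l4, 2)  # destination port sits at offset 2 for UDP and TCP
        dst_ports.add(dport)
        if proto == 17:
            f["udp_packets"] += 1
            if dport == 53 and len(l4) > 20:
                f["dns_queries"] += 1
                domains.add(dns_qname(l4, 20))  # 8-byte UDP header + 12-byte DNS header
        elif proto == 6 and len(l4) >= 20:
            f["tcp_packets"] += 1
            f["tcp_syn"] += int(l4[13] & 0x12 == 0x02)  # SYN without ACK: outbound connection attempt
            f["tcp_nonstd_port"] += int(dport not in (80, 443))
    f["unique_dst_ips"], f["unique_dst_ports"], f["unique_domains"] = len(dst_ips), len(dst_ports), len(domains)
    f["max_domain_entropy"] = max((entropy(d.split(".")[0]) for d in domains), default=0.0)
    return f

def train_centroids(labelled):
    """Per-label mean vector plus a per-feature scale (training max) so byte counts do not swamp the rest."""
    vecs = {}
    for label, feats in labelled:
        vecs.setdefault(label, []).append([feats[k] for k in FEATURE_KEYS])
    centroids = {lab: [sum(col) / len(v) for col in zip(*v)] for lab, v in vecs.items()}
    scale = [max(v[i] for vs in vecs.values() for v in vs) or 1.0 for i in range(len(FEATURE_KEYS))]
    return centroids, scale

def predict(model, feats):
    centroids, scale = model
    vec = [feats[k] for k in FEATURE_KEYS]
    return min(centroids, key=lambda lab: sum(((a - b) / s) ** 2 for a, b, s in zip(vec, centroids[lab], scale)))

# Assumed lab layout: the guest talks only to the REMnux host, where FakeDNS answers every name.
GUEST, REMNUX = "10.0.0.5", "10.0.0.1"
def capture(domains, syn_ports):  # constructed capture: one DNS query per name, one SYN per port
    frames = [eth_ipv4(GUEST, REMNUX, 17, udp(50000 + i, 53, dns_query(d))) for i, d in enumerate(domains)]
    frames += [eth_ipv4(GUEST, REMNUX, 6, tcp_syn(51000 + i, p)) for i, p in enumerate(syn_ports)]
    return build_pcap(frames)

BENIGN = capture(["update.example.com"], [443])
MALICIOUS = capture(["xk3q9vz1lp.com", "q8wz7rk2mv.net", "t5nb0yx4jd.org"], [4444, 8080])
UNSEEN = capture(["m2pz8vkq7r.biz", "w9hc3lkt6x.info"], [4444, 8080])

def demo():
    model = train_centroids([("benign", extract_features(BENIGN)), ("malicious", extract_features(MALICIOUS))])
    return predict(model, extract_features(UNSEEN))

if __name__ == "__main__":
    print(extract_features(MALICIOUS), "unseen sample classified as", demo())
```

Two caveats worth keeping in mind when transferring this to a real INetSim/FakeDNS sandbox. First, because FakeDNS resolves every name to the REMnux host, `unique_dst_ips` is close to constant across runs and carries almost no signal; the queried names, destination ports and connection attempts are where the behaviour shows. Second, raw packet and byte counts grow with how long the sample is allowed to run, so a trained model should either see equal-length runs or use rates and ratios rather than totals, otherwise it learns the sandbox timeout rather than the malware.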
Copyright (c) 2024 International Journal of Computational and Experimental Science and Engineering

This work is licensed under a Creative Commons Attribution 4.0 International License.