The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Daisuke INOUE, Katsunari YOSHIOKA, Masashi ETO, Yuji HOSHIZAWA, Koji NAKAO, "Automated Malware Analysis System and Its Sandbox for Revealing Malware's Internal and External Activities" in IEICE TRANSACTIONS on Information,
vol. E92-D, no. 5, pp. 945-954, May 2009, doi: 10.1587/transinf.E92.D.945.
Abstract: Malware has been recognized as one of the major security threats on the Internet. Previous research has mainly focused on malware's internal activity within a system. However, it is crucial that malware analysis also extracts a malware's external activity toward the network, so that it can be correlated with a security incident. We propose a novel way to analyze malware: focus closely on the malware's external (i.e., network) activity. A malware sample is executed in a sandbox that consists of a real machine as the victim and a virtual Internet environment. Since this sandbox environment is totally isolated from the real Internet, executing the sample causes no further unwanted propagation. The sandbox is configurable so as to extract specific activity of malware, such as scan behaviors. We implement a fully automated malware analysis system with the sandbox, which enables us to carry out large-scale malware analysis. We present concrete analysis results gained by using the proposed system.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.E92.D.945/_p
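The sandbox described in the abstract records the victim machine's traffic toward the virtual Internet and is configured to extract specific activities such as scans. As an added illustration (not code from the paper or from the authors' system), the Python below reads a constructed connection log of the kind such a network tap would produce, flags horizontal scans (one service swept across many hosts) and vertical scans (many ports on one host), and lists attempts to reach addresses outside the virtual Internet, which an isolated sandbox must absorb rather than forward. The address block 10.0.0.0/8, the victim address, the log format and the thresholds are assumptions made for this example.

```python
"""Scan-behaviour extraction from a sandbox network trace (added example).

Assumptions (not from the paper): the sandbox's virtual Internet is 10.0.0.0/8,
the victim is 10.0.1.5, and the tap logs one outbound connection attempt per
line as "ts src dst dport proto". SAMPLE_LOG is constructed for this example.
"""
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network
from typing import Dict, List, NamedTuple, Tuple

VIRTUAL_INTERNET = ip_network("10.0.0.0/8")   # assumed emulated Internet range
VICTIM = "10.0.1.5"                           # assumed real victim machine


class Flow(NamedTuple):
    ts: float      # seconds after the sample was started
    src: str
    dst: str
    dport: int
    proto: str


# Constructed log: a 445/tcp sweep over neighbours, a port sweep of one host,
# a lone web connection, and one attempt at an address outside the sandbox.
SAMPLE_LOG = """\
0.10 10.0.1.5 10.0.1.6 445 tcp
0.12 10.0.1.5 10.0.1.7 445 tcp
0.15 10.0.1.5 10.0.1.8 445 tcp
0.17 10.0.1.5 10.0.1.9 445 tcp
0.20 10.0.1.5 10.0.1.10 445 tcp
0.22 10.0.1.5 10.0.1.11 445 tcp
1.00 10.0.1.5 10.0.2.1 21 tcp
1.05 10.0.1.5 10.0.2.1 22 tcp
1.10 10.0.1.5 10.0.2.1 23 tcp
1.15 10.0.1.5 10.0.2.1 80 tcp
1.20 10.0.1.5 10.0.2.1 139 tcp
2.00 10.0.1.5 10.0.9.9 80 tcp
3.00 10.0.1.5 198.51.100.7 6667 tcp
"""


def parse_log(text: str) -> List[Flow]:
    """Parse the assumed 'ts src dst dport proto' line format."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, dport, proto = line.split()
        flows.append(Flow(float(ts), src, dst, int(dport), proto))
    return flows


def horizontal_scans(flows: List[Flow], min_targets: int = 5,
                     window: float = 2.0) -> Dict[Tuple[int, str], List[str]]:
    """Service sweeps: >= min_targets distinct destinations on the same
    port/protocol inside any sliding window of `window` seconds."""
    by_service: Dict[Tuple[int, str], List[Flow]] = defaultdict(list)
    for f in flows:
        if f.src == VICTIM:
            by_service[(f.dport, f.proto)].append(f)
    found = {}
    for key, group in by_service.items():
        group.sort(key=lambda f: f.ts)
        in_window: deque = deque()          # flows currently inside the window
        seen: Dict[str, int] = defaultdict(int)  # dst -> hits inside the window
        for f in group:
            in_window.append(f)
            seen[f.dst] += 1
            while f.ts - in_window[0].ts > window:   # expire old flows
                old = in_window.popleft()
                seen[old.dst] -= 1
                if seen[old.dst] == 0:
                    del seen[old.dst]
            if len(seen) >= min_targets:
                found[key] = sorted({g.dst for g in group}, key=ip_address)
                break
    return found


def vertical_scans(flows: List[Flow], min_ports: int = 5) -> Dict[str, List[int]]:
    """Port sweeps: >= min_ports distinct destination ports on one host."""
    ports: Dict[str, set] = defaultdict(set)
    for f in flows:
        if f.src == VICTIM:
            ports[f.dst].add(f.dport)
    return {dst: sorted(p) for dst, p in ports.items() if len(p) >= min_ports}


def escape_attempts(flows: List[Flow]) -> List[Flow]:
    """Attempts to reach addresses outside the virtual Internet. In an
    isolated sandbox these must be sunk by the emulated network; they are
    reported so an analyst can confirm containment held."""
    return [f for f in flows if ip_address(f.dst) not in VIRTUAL_INTERNET]


if __name__ == "__main__":
    flows = parse_log(SAMPLE_LOG)
    print("horizontal:", horizontal_scans(flows))
    print("vertical:  ", vertical_scans(flows))
    print("escapes:   ", [(f.dst, f.dport) for f in escape_attempts(flows)])
```

The thresholds are deliberately low so the constructed log triggers every detector; on a real trace they are the knobs that separate a sweeping worm from ordinary client traffic, and the window keeps a slow, long-running sample from being lumped together with a burst.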
@ARTICLE{e92-d_5_945,
author={Daisuke INOUE and Katsunari YOSHIOKA and Masashi ETO and Yuji HOSHIZAWA and Koji NAKAO},
journal={IEICE TRANSACTIONS on Information},
title={Automated Malware Analysis System and Its Sandbox for Revealing Malware's Internal and External Activities},
year={2009},
volume={E92-D},
number={5},
pages={945-954},
abstract={Malware has been recognized as one of the major security threats on the Internet. Previous research has mainly focused on malware's internal activity within a system. However, it is crucial that malware analysis also extracts a malware's external activity toward the network, so that it can be correlated with a security incident. We propose a novel way to analyze malware: focus closely on the malware's external (i.e., network) activity. A malware sample is executed in a sandbox that consists of a real machine as the victim and a virtual Internet environment. Since this sandbox environment is totally isolated from the real Internet, executing the sample causes no further unwanted propagation. The sandbox is configurable so as to extract specific activity of malware, such as scan behaviors. We implement a fully automated malware analysis system with the sandbox, which enables us to carry out large-scale malware analysis. We present concrete analysis results gained by using the proposed system.},
keywords={},
doi={10.1587/transinf.E92.D.945},
ISSN={1745-1361},
month={May},}
TY - JOUR
TI - Automated Malware Analysis System and Its Sandbox for Revealing Malware's Internal and External Activities
T2 - IEICE TRANSACTIONS on Information
SP - 945
EP - 954
AU - Daisuke INOUE
AU - Katsunari YOSHIOKA
AU - Masashi ETO
AU - Yuji HOSHIZAWA
AU - Koji NAKAO
PY - 2009
DO - 10.1587/transinf.E92.D.945
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E92-D
IS - 5
JA - IEICE TRANSACTIONS on Information
Y1 - May 2009
AB - Malware has been recognized as one of the major security threats on the Internet. Previous research has mainly focused on malware's internal activity within a system. However, it is crucial that malware analysis also extracts a malware's external activity toward the network, so that it can be correlated with a security incident. We propose a novel way to analyze malware: focus closely on the malware's external (i.e., network) activity. A malware sample is executed in a sandbox that consists of a real machine as the victim and a virtual Internet environment. Since this sandbox environment is totally isolated from the real Internet, executing the sample causes no further unwanted propagation. The sandbox is configurable so as to extract specific activity of malware, such as scan behaviors. We implement a fully automated malware analysis system with the sandbox, which enables us to carry out large-scale malware analysis. We present concrete analysis results gained by using the proposed system.
ER -