Sandbox as a Service: automating Cuckoo Sandbox configuration and data generation for malware analysis
Abstract
This paper seeks to create a unified platform for dynamic and static malware analysis on which several researchers can generate datasets for use in their research. It is proposed that the generation of such datasets be flexible enough to cover the different areas of malware research, letting the user choose which of the fields obtained in the analysis phase are included in the resulting dataset. Through extensions to the functionality of the Cuckoo Sandbox platform, new features were implemented that allow the batch download of the generated reports in CSV format, which is more suitable for machine learning algorithms.
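As an added illustration of the field-selectable CSV export the abstract describes (this is not code from the paper or from Cuckoo Sandbox), the snippet below flattens a constructed, Cuckoo-style JSON report into one CSV row containing the chosen dotted-path fields plus per-API call counts summed across all monitored processes. The report layout, the sample values and the helper names `lookup`, `api_counts` and `reports_to_csv` are assumptions made for the example.

```python
import csv
import io

# Constructed sample shaped like a trimmed Cuckoo report.json (layout assumed, not the paper's output).
SAMPLE_REPORT = {
    "info": {"id": 7, "score": 6.4, "duration": 120},
    "target": {"file": {"sha256": "<placeholder-hash>", "size": 40960}},
    "signatures": [{"name": "antivm_generic_disk", "severity": 2},
                   {"name": "persistence_autorun", "severity": 3}],
    "behavior": {"apistats": {"1234": {"NtCreateFile": 5, "RegSetValueExW": 2},
                              "1300": {"NtCreateFile": 1, "CreateProcessInternalW": 1}},
                 "summary": {"file_written": ["C:\\x.tmp", "C:\\y.dll"]}},
    "network": {"dns": [{"request": "example.invalid"}], "http": []},
}


def lookup(report, path):
    """Resolve a dotted field path; lists become their length so every cell is a scalar."""
    node = report
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return ""  # field absent in this report: empty cell instead of a crash
        node = node[key]
    return len(node) if isinstance(node, list) else node


def api_counts(report):
    """Merge per-process apistats into one API-call histogram for the sample."""
    totals = {}
    for calls in report.get("behavior", {}).get("apistats", {}).values():
        for api, n in calls.items():
            totals[api] = totals.get(api, 0) + n
    return totals


def reports_to_csv(reports, fields, api_columns):
    """One CSV row per report: the selected fields, then one count column per API."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(fields + ["api." + a for a in api_columns])
    for r in reports:
        counts = api_counts(r)
        writer.writerow([lookup(r, f) for f in fields] + [counts.get(a, 0) for a in api_columns])
    return buf.getvalue()


if __name__ == "__main__":
    fields = ["info.id", "info.score", "target.file.size", "signatures", "network.dns"]
    print(reports_to_csv([SAMPLE_REPORT], fields, ["NtCreateFile", "RegSetValueExW"]))
```

Fields that a given report lacks yield an empty cell, so reports from different Cuckoo versions or analysis types can still be merged into one table.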
Published
2022-09-12
How to Cite
FIGUEIREDO, Guilherme V.; CATTELAN, Renan G.; MIANI, Rodrigo S. Sandbox as a Service: automatizando a configuração do Cuckoo Sandbox e a geração de dados para análise de malware. In: WORKSHOP ON SCIENTIFIC INITIATION AND UNDERGRADUATE WORKS - BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 22., 2022, Santa Maria. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2022. p. 198-211. DOI: https://doi.org/10.5753/sbseg_estendido.2022.224360.
