Secure and transparent network traffic replay, redirect, and relay in a dynamic malware analysis environment

2013 ◽  
Vol 7 (3) ◽  
pp. 626-640 ◽  
Author(s):  
Ying-Dar Lin ◽  
Tzung-Bi Shih ◽  
Yu-Sung Wu ◽  
Yuan-Cheng Lai

Sensors ◽  
2019 ◽  
Vol 19 (3) ◽  
pp. 727 ◽  
Author(s):  
João Ceron ◽  
Klaus Steding-Jessen ◽  
Cristine Hoepers ◽  
Lisandro Granville ◽  
Cíntia Margi

IoT botnets have been used to launch Distributed Denial-of-Service (DDoS) attacks affecting the Internet infrastructure. To protect the Internet from such threats and improve security mechanisms, it is critical to understand the botnets' intent and characterize their behavior. Current malware analysis solutions, when faced with IoT, present limitations with regard to network access containment and network traffic manipulation. In this paper, we present an approach for handling the network traffic generated by IoT malware in an analysis environment. The proposed solution can modify the traffic at the network layer based on the actions performed by the malware. In our case study, we investigated the Mirai and Bashlite botnet families, where it was possible to block attacks against other systems, identify attack targets, and rewrite botnet commands sent by the botnet controller to the infected devices.
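As an added illustration of the command-rewriting step this abstract describes (not code from Ceron et al. or their tool), the following Python sketch parses Bashlite-style attack commands from a C2 stream, records the attack targets, and redirects every target outside the sandbox to a sinkhole address. The `!* <METHOD> <target> <port> ...` grammar, the sinkhole address and the contained network range are assumptions for illustration; the C2 lines are constructed.

```python
import ipaddress
import re

# Assumed sandbox layout: the relay owns 10.99.0.0/16 and absorbs attack
# traffic on a sinkhole host inside that range.
SINKHOLE = "10.99.0.1"
CONTAINED_NETS = [ipaddress.ip_network("10.99.0.0/16")]

# Assumed Bashlite-style grammar: "!* <METHOD> <target> <port> [extra fields]".
# Real variants differ in field order and count; adjust the pattern to match
# what the analysed sample actually emits.
CMD_RE = re.compile(
    r"^!\*\s+(?P<method>[A-Z]+)\s+(?P<target>\S+)(?:\s+(?P<rest>.*))?$"
)


def parse_command(line):
    """Split an attack command into method, target and trailing fields."""
    m = CMD_RE.match(line.strip())
    if m is None:
        return None
    return {"method": m["method"], "target": m["target"],
            "rest": (m["rest"] or "").strip()}


def is_contained(target):
    """True only for IP literals inside the sandbox's own address space.
    Hostnames are treated as external: the bot would resolve them to a
    real victim."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        return False
    return any(ip in net for net in CONTAINED_NETS)


def rewrite_command(line):
    """Return (line_to_forward, external_target_or_None).

    Non-attack lines (PING, etc.) and attacks aimed inside the sandbox
    pass through untouched; anything else is redirected to the sinkhole."""
    cmd = parse_command(line)
    if cmd is None or is_contained(cmd["target"]):
        return line, None
    rewritten = f"!* {cmd['method']} {SINKHOLE} {cmd['rest']}".rstrip()
    return rewritten, cmd["target"]


def process_stream(lines):
    """Apply rewrite_command to every C2 line; collect the victims that
    would have been hit had the traffic left the sandbox."""
    forwarded, targets = [], set()
    for line in lines:
        out, target = rewrite_command(line)
        forwarded.append(out)
        if target is not None:
            targets.add(target)
    return forwarded, targets


# Constructed C2 transcript (not captured traffic).
SAMPLE_C2 = [
    "PING",
    "!* UDP 203.0.113.10 80 60 32 1024 10",
    "!* TCP 10.99.4.2 22 30 syn",
    "!* HTTP example.invalid 80 30",
    "!* UDP 203.0.113.10 53 10",
]

if __name__ == "__main__":
    out, victims = process_stream(SAMPLE_C2)
    print("\n".join(out))
    print("attack targets:", sorted(victims))
```

A deployment does this on the wire rather than on a list of strings, and there the rewrite has a cost the sketch hides: replacing a 12-byte address with a 9-byte one changes the TCP payload length, so sequence and acknowledgement numbers must be fixed up for the rest of the connection. A transparent relay that terminates the bot's connection and re-originates the rewritten one to the controller sidesteps that problem.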



2014 ◽  
Vol 530-531 ◽  
pp. 865-868
Author(s):  
Jin Rong Bai ◽  
Guo Zhong Zou ◽  
Shi Guang Mu

API calls reflect the functional level of a program; analysing them leads to an understanding of the behavior of the malware. Malware analysis environments have been widely used, but with the evolution of malware, some samples already have anti-virtualization, anti-debugging and anti-tracing abilities. These analysis environments use a combination of API hooking and/or API virtualization, which are detectable by malware running at the same privilege level. In this work, we develop a fully automated platform to trace native API calls, based on secondary development of Xen, and obtain a system as transparent and as similar to a Windows OS as possible, in order to obtain an execution trace of a program as if it were run in an environment with no tracer present. In contrast to other approaches, the hardware-assisted nature of our approach implicitly avoids many shortcomings that arise from incomplete or inaccurate system emulation.



Author(s):  
Jamie Van Randwyk ◽  
Ken Chiang ◽  
Levi Lloyd ◽  
Keith Vanderveen


2019 ◽  
Vol 28 (4) ◽  
pp. 473-486 ◽  
Author(s):  
Alvaro Botas ◽  
Ricardo J Rodríguez ◽  
Vicente Matellan ◽  
Juan F Garcia ◽  
M T Trobajo ◽  
...  

Automatic public malware analysis services (PMAS, e.g. VirusTotal, Jotti or ClamAV, to name a few) provide controlled, isolated and virtual environments to analyse malicious software (malware) samples. Unfortunately, malware is currently incorporating techniques to recognize execution in a virtual or sandbox environment; when an analysis environment is detected, the malware behaves as a benign application or even shows no activity. In this work, we present an empirical study and characterization of automatic PMAS, considering 26 different services. We also show a set of features that allow these services to be easily fingerprinted as analysis environments; the lower the unlikeability of these features, the easier it is for us (and thus for malware) to fingerprint the analysis service they belong to. Finally, we propose a method for these analysis services to counter, or at least mitigate, our proposal.
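To make the fingerprinting idea concrete, here is an added Python sketch (not the authors' tooling or data): given several runs' worth of cheap environment features per service, it picks out the features that are stable within a service yet unique to it, matches an unknown run against them, and shows the mitigation the abstract points at, re-randomising those features on every run. The services, feature names and values are constructed; the "stable and unique" criterion is a stand-in for the paper's unlikeability measure, whose exact definition is not given here.

```python
import random

# Constructed per-run observations for two hypothetical services; each dict
# is what a sample could read without privileges during one submission.
OBSERVATIONS = {
    "service-A": [
        {"hostname": "WIN-7X2K9QL", "user": "john", "mac_oui": "08:00:27", "cpus": 1, "uptime_s": 41},
        {"hostname": "WIN-7X2K9QL", "user": "john", "mac_oui": "08:00:27", "cpus": 1, "uptime_s": 39},
        {"hostname": "WIN-7X2K9QL", "user": "john", "mac_oui": "08:00:27", "cpus": 1, "uptime_s": 44},
    ],
    "service-B": [
        {"hostname": "DESKTOP-1A2B3C", "user": "admin", "mac_oui": "00:0c:29", "cpus": 1, "uptime_s": 120},
        {"hostname": "DESKTOP-1A2B3C", "user": "admin", "mac_oui": "00:0c:29", "cpus": 1, "uptime_s": 118},
    ],
}


def fingerprinting_features(observations):
    """Map each service to the features that fingerprint it.

    A feature fingerprints a service when it is stable (same value in every
    run of that service) and unique (that value never appears in any other
    service's runs). A varying feature such as uptime and a shared one such
    as a single-CPU VM are both excluded."""
    result = {}
    for svc, runs in observations.items():
        others = [r for s, rs in observations.items() if s != svc for r in rs]
        for key in runs[0]:
            values = {r.get(key) for r in runs}
            if len(values) != 1:
                continue
            value = values.pop()
            if any(r.get(key) == value for r in others):
                continue
            result.setdefault(svc, set()).add(key)
    return result


def identify(sample, observations):
    """Name the service whose fingerprint the sample matches in full, or None."""
    for svc, keys in fingerprinting_features(observations).items():
        reference = observations[svc][0]
        if all(sample.get(k) == reference[k] for k in keys):
            return svc
    return None


def randomize_runs(observations, keys, seed=0):
    """Mitigation: give the listed features a fresh value on every run.

    The RNG is seeded only so the example is reproducible; a real service
    would draw from the OS CSPRNG (secrets module)."""
    rng = random.Random(seed)
    randomized = {}
    for svc, runs in observations.items():
        randomized[svc] = [
            {**r, **{k: f"{k}-{rng.getrandbits(32):08x}" for k in keys}}
            for r in runs
        ]
    return randomized


if __name__ == "__main__":
    fp = fingerprinting_features(OBSERVATIONS)
    print("fingerprinting features:", fp)
    unknown = {"hostname": "WIN-7X2K9QL", "user": "john", "mac_oui": "08:00:27", "cpus": 4, "uptime_s": 7}
    print("unknown run identified as:", identify(unknown, OBSERVATIONS))
    hardened = randomize_runs(OBSERVATIONS, ["hostname", "user", "mac_oui"])
    print("after per-run randomisation:", fingerprinting_features(hardened))
```

The same procedure, run against a service's own historical submissions, tells its operators which artifacts a sample can key on; randomising only those artifacts per run is cheaper than rebuilding the whole environment and removes the fingerprint in this model.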



2014 ◽  
Author(s):  
Jayro Santiago-Paz ◽  
Deni Torres-Roman ◽  
Angel Figueroa-Ypiña


2012 ◽  
Vol 2 (6) ◽  
pp. 101-104
Author(s):  
Leenu Singh ◽  
Syed Imtiyaz Hassan




Author(s):  
Dengyin Zhang ◽  
Xiuyun Li ◽  
Jianfei Liao ◽  
Mingxiang Wang

