SecBox: A Lightweight Container-based Sandbox for Dynamic Malware Analysis


Bibliographic Details
Main Authors: Assen, Jan von der, Celdran, Alberto Huertas, Zermin, Adrian, Mogicato, Raffael, Bovet, Gerome, Stiller, Burkhard
Format: Conference Proceeding
Language: English
Description
Summary: Cybersecurity solutions based on machine learning (ML) and behavioral fingerprinting have demonstrated their suitability when detecting heterogeneous malware. However, most solutions are black boxes missing the explainable and visual capabilities needed to analyze relevant metrics and the malicious behaviors to be collected. In this demonstration, SecBox, a dynamic malware analysis platform with integrated data collection and visualization for malware execution, is presented. To provide a lightweight sandboxing approach, the architecture relies on Linux containers for isolation. The sandboxing and data analysis components of the SecBox architecture are deployed in a test bed to show the analysis of two malware families. In the presented scenario, the Monti ransomware and CoinMiner, a Monero-based cryptojacker, are analyzed after obtaining them from a public database.
ISSN:2374-9709
DOI:10.1109/NOMS56928.2023.10154293