SecBox: A Lightweight Container-based Sandbox for Dynamic Malware Analysis
Von der Assen, Jan; Celdran, Alberto Huertas; Zermin, Adrian; Mogicato, Raffael; Bovet, Gérôme; Stiller, Burkhard (2023). SecBox: A Lightweight Container-based Sandbox for Dynamic Malware Analysis. In: NOMS 2023-2023 IEEE/IFIP Network Operations and Management Symposium, Miami, FL, USA, 8 May 2023 - 12 May 2023. Institute of Electrical and Electronics Engineers, 10154293.

Abstract

Cybersecurity solutions based on machine learning (ML) and behavioral fingerprinting have demonstrated their suitability for detecting heterogeneous malware. However, most such solutions are black boxes that lack the explainability and visualization capabilities needed to analyze which metrics are relevant and which malicious behaviors should be collected. This demonstration presents SecBox, a dynamic malware analysis platform with integrated data collection and visualization for malware execution. To keep sandboxing lightweight, the architecture relies on Linux containers for isolation. The sandboxing and data analysis components of the SecBox architecture are deployed in a test bed to show the analysis of two malware families: in the presented scenario, the Monti ransomware and CoinMiner, a Monero-based cryptojacker, are analyzed after obtaining them from a public database.
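The abstract's isolation choice deserves one practical caveat: a container shares the host kernel, so the sandbox boundary is only as strong as the namespace, capability and mount configuration the analysis host passes at launch. The following is an added example, not code from the SecBox paper or its authors: a small linter that parses a `docker run` command line and flags settings that would let a detonated sample reach the host or the network. The two sample invocations, the image name `analysis-image` and the sample paths are constructed for illustration; the Docker flags themselves are real.

```python
"""Audit a `docker run` command line used to detonate a malware sample.

Added example (not SecBox code). Containers share the host kernel, so
the sandbox's isolation depends on the flags passed at launch. This
linter flags the settings that most often undo container isolation.
"""
from dataclasses import dataclass, field
from typing import List

# Flags that consume the next argv token as their value.
VALUE_FLAGS = {"--network", "--net", "--pid", "--cap-add", "--cap-drop", "-v", "--volume",
               "--security-opt", "-u", "--user", "--memory", "-m", "--pids-limit", "--cpus",
               "--name", "--tmpfs", "-e", "--env", "--mount"}
DANGEROUS_CAPS = {"SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "NET_ADMIN", "DAC_READ_SEARCH"}


@dataclass
class RunConfig:
    privileged: bool = False
    network: str = "bridge"          # Docker's default when --network is absent
    pid_ns: str = ""                 # "host" when --pid=host is given
    cap_add: List[str] = field(default_factory=list)
    cap_drop: List[str] = field(default_factory=list)
    volumes: List[str] = field(default_factory=list)
    security_opts: List[str] = field(default_factory=list)
    read_only: bool = False
    user: str = ""


def _cap_name(cap: str) -> str:
    """Normalize 'cap_sys_admin' / 'SYS_ADMIN' to 'SYS_ADMIN'."""
    cap = cap.upper()
    return cap[4:] if cap.startswith("CAP_") else cap


def parse_docker_run(argv: List[str]) -> RunConfig:
    """Parse the flags of a `docker run ...` invocation into a RunConfig.

    Accepts both `--flag value` and `--flag=value`; parsing stops at the
    first non-flag token, which is the image name.
    """
    cfg = RunConfig()
    i = 2 if argv[:2] == ["docker", "run"] else 0
    while i < len(argv):
        tok = argv[i]
        if not tok.startswith("-"):
            break  # image name reached; the rest is the sample's command line
        if "=" in tok:
            flag, val = tok.split("=", 1)
            i += 1
        else:
            flag = tok
            takes_value = flag in VALUE_FLAGS
            val = argv[i + 1] if takes_value and i + 1 < len(argv) else ""
            i += 2 if takes_value else 1
        if flag == "--privileged":
            cfg.privileged = True
        elif flag in ("--network", "--net"):
            cfg.network = val
        elif flag == "--pid":
            cfg.pid_ns = val
        elif flag == "--cap-add":
            cfg.cap_add.append(_cap_name(val))
        elif flag == "--cap-drop":
            cfg.cap_drop.append(_cap_name(val))
        elif flag in ("-v", "--volume"):
            cfg.volumes.append(val)
        elif flag == "--security-opt":
            cfg.security_opts.append(val)
        elif flag == "--read-only":
            cfg.read_only = True
        elif flag in ("-u", "--user"):
            cfg.user = val
    return cfg


def audit(cfg: RunConfig) -> List[str]:
    """Return findings for a sandbox launch config; an empty list means it passed."""
    findings = []
    if cfg.privileged:
        findings.append("--privileged grants all capabilities and raw device access")
    if cfg.network != "none":
        findings.append(f"network is '{cfg.network}'; the sample can reach C2 or mining pools, use --network none")
    if cfg.pid_ns == "host":
        findings.append("--pid=host exposes host processes to the sample")
    for cap in cfg.cap_add:
        if cap == "ALL" or cap in DANGEROUS_CAPS:
            findings.append(f"--cap-add {cap} weakens the capability boundary")
    if "ALL" not in cfg.cap_drop:
        findings.append("capabilities not dropped; add --cap-drop ALL")
    for vol in cfg.volumes:
        src = vol.split(":", 1)[0]
        if src in ("/var/run/docker.sock", "/") or src.startswith(("/proc", "/sys")):
            findings.append(f"bind mount of {src} gives the sample a path to the host")
    if not any(opt.startswith("no-new-privileges") for opt in cfg.security_opts):
        findings.append("missing --security-opt no-new-privileges")
    if not cfg.read_only:
        findings.append("root filesystem is writable; use --read-only plus a --tmpfs scratch mount")
    if cfg.user in ("", "0", "root"):
        findings.append("sample runs as root in the container; set --user to an unprivileged uid")
    return findings


# Constructed sample invocations (illustrative; not taken from the paper).
WEAK_CMD = ["docker", "run", "--privileged", "-v", "/var/run/docker.sock:/var/run/docker.sock",
            "analysis-image", "/samples/monti.bin"]
HARDENED_CMD = ["docker", "run", "--network", "none", "--cap-drop", "ALL",
                "--security-opt", "no-new-privileges", "--security-opt", "seccomp=default.json",
                "--read-only", "--tmpfs", "/tmp", "--pids-limit", "256", "--memory", "512m",
                "--user", "1000:1000", "analysis-image", "/samples/coinminer.bin"]

if __name__ == "__main__":
    for name, cmd in (("weak", WEAK_CMD), ("hardened", HARDENED_CMD)):
        print(name, audit(parse_docker_run(cmd)) or ["OK"])
```

Run it against the command line the analysis host actually uses before detonating anything; an empty finding list is the minimum bar, and a seccomp profile plus resource limits (the `--pids-limit` and `--memory` flags above) keep a cryptojacker from starving the collector that SecBox relies on for its metrics.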

Statistics

Downloads

0 downloads since deposited on 14 Feb 2024
0 downloads since 12 months

Additional indexing

Item Type: Conference or Workshop Item (Paper), not_refereed, original work
Communities & Collections: 03 Faculty of Economics > Department of Informatics
Dewey Decimal Classification: 000 Computer science, knowledge & systems
Scopus Subject Areas:
  Physical Sciences > Software
  Physical Sciences > Artificial Intelligence
  Physical Sciences > Computer Networks and Communications
  Social Sciences & Humanities > Information Systems and Management
  Physical Sciences > Safety, Risk, Reliability and Quality
  Physical Sciences > Modeling and Simulation
Scope: Discipline-based scholarship (basic research)
Language: English
Event End Date: 12 May 2023
Deposited On: 14 Feb 2024 16:02
Last Modified: 28 Feb 2024 12:24
Publisher: Institute of Electrical and Electronics Engineers
Series Name: IEEE/IFIP Network Operations and Management Symposium (NOMS)
ISSN: 1542-1201
ISBN: 978-1-6654-7716-1
OA Status: Closed
Publisher DOI: https://doi.org/10.1109/noms56928.2023.10154293