Design and implementation of an isolated sandbox with mimetic internet used to analyze malwares

Authors:
Shinsuke Miwa;Toshiyuki Miyachi;Masashi Eto;Masashi Yoshizumi;Yoichi Shinoda
Affiliations:
Information Security Research Center, National Institute of Information and Communications Technology, Japan and Internet Research Center, Japan Advanced Institute of Science and Technology;Hokuriku Research Center, National Institute of Information and Communications Technology, Japan and Internet Research Center, Japan Advanced Institute of Science and Technology;Information Security Research Center, National Institute of Information and Communications Technology, Japan;School of Information Science, Japan Advanced Institute of Science and Technology and Hokuriku Research Center, National Institute of Information and Communications Technology, Japan;Information Security Research Center, National Institute of Information and Communications Technology, Japan and Hokuriku Res. Ctr., Natnl. Inst. of Info. and Comm. Technol., Japan and Internet Re ...
Venue:
DETER Proceedings of the DETER Community Workshop on Cyber Security Experimentation and Test on DETER Community Workshop on Cyber Security Experimentation and Test 2007
Year:
2007

Citing 9
Cited 3

Snort 2.0 Intrusion Detection

Snort 2.0 Intrusion Detection
Reversing: The Hacker's Guide to Reverse Engineering

Reversing: The Hacker's Guide to Reverse Engineering
Scalability, fidelity, and containment in the potemkin virtual honeyfarm

Proceedings of the twentieth ACM symposium on Operating systems principles
SubVirt: Implementing malware with virtual machines

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
StarBED and SpringOS: large-scale general purpose network testbed and supporting software

valuetools '06 Proceedings of the 1st international conference on Performance evaluation methodolgies and tools
Virtual Machines: Versatile Platforms for Systems and Processes (The Morgan Kaufmann Series in Computer Architecture and Design)

Virtual Machines: Versatile Platforms for Systems and Processes (The Morgan Kaufmann Series in Computer Architecture and Design)
Malware: Fighting Malicious Code

Malware: Fighting Malicious Code
Virtualization with Xen(tm): Including XenEnterprise, XenServer, and XenExpress: Including XenEnterprise, XenServer, and XenExpress

Virtualization with Xen(tm): Including XenEnterprise, XenServer, and XenExpress: Including XenEnterprise, XenServer, and XenExpress
The nepenthes platform: an efficient approach to collect malware

RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection

Spamulator: the Internet on a laptop

Proceedings of the 13th annual conference on Innovation and technology in computer science education
PhishCage: reproduction of fraudulent websites in the emulated internet

Proceedings of the 6th International ICST Conference on Simulation Tools and Techniques
COSMO - emulation of internet traffic: poster abstract

Proceedings of the 6th International ICST Conference on Simulation Tools and Techniques

Quantified Score

Hi-index	0.00

Visualization

Abstract

Recent viruses, worms, and bots, called malwares, often have anti-analysis functions such as mechanisms that confirm connectivity to certain Internet hosts and detect virtualized environments. We discuss how malwares can be kept alive in an analyzing environment by disabling their anti-analyzing mechanisms. To avoid any impacts to/from the Internet, we conclude that analyzing environments should be disconnected from the Internet but must be able to make malwares believe that they are connected to the real Internet. We also conclude that, for executing environments to analyze anti-virtualization malwares, they should not be virtualized but must be as easily re-constructable as a virtualized environment. To reconcile these cross-purposes, we designed an isolated sandbox that consists of a mimetic Internet and renewable actual nodes. We implemented a prototype system and conducted an experiment to test the efficiency of our sandbox.