TrumanBox: Improving Dynamic Malware Analysis by Emulating the Internet

Gorecki C, Freiling F, Kührer M, Holz T (2011)


Publication Language: English

Publication Type: Conference contribution, Original article

Publication year: 2011

Publisher: Springer-Verlag

Edited Volumes: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Series: Lecture Notes in Computer Science

City/Town: Berlin

Conference Proceedings Title: Proceedings of the 13th International Symposium on Stabilization, Safety, and Security of Distributed Systems

Event location: Grenoble

ISBN: 978-3-642-24549-7

DOI: 10.1007/978-3-642-24550-3_17

Abstract

Dynamic analysis of malicious software (malware) is a powerful tool in countering modern threats on the Internet. In dynamic analysis, a malware sample is executed in a controlled environment and its actions are logged. Through dynamic analysis, an analyst can quickly obtain an overview of malware behavior and can decide whether or not to indulge in tedious manual analysis of the sample. However, usual dynamic analysis exposes the Internet to the threats of an executed malware (like portscans) because advanced concealment techniques of malware often require full Internet access. For example, a missing link to the Internet or the unavailability of a specific server often causes the malware to not trigger its malicious behavior. In this paper, we present TrumanBox, a technique to emulate relevant parts of the Internet to enhance dynamic malware analysis. We show that TrumanBox not only prevents many threats but also enlarges the scope of the types of malware that can be analyzed dynamically. © 2011 Springer-Verlag.

How to cite

APA:

Gorecki, C., Freiling, F., Kührer, M., & Holz, T. (2011). TrumanBox: Improving Dynamic Malware Analysis by Emulating the Internet. In Proceedings of the 13th International Symposium on Stabilization, Safety, and Security of Distributed Systems. Grenoble: Berlin: Springer-Verlag.

MLA:

Gorecki, Christian, et al. "TrumanBox: Improving Dynamic Malware Analysis by Emulating the Internet." Proceedings of the Stabilization, Safety, and Security of Distributed Systems, Grenoble Berlin: Springer-Verlag, 2011.
