Author(s): Saurabh Chamotra | Rakesh Kumar Sehgal | Raj Kamal
Journal: International Journal of Computer Applications
ISSN 0975-8887
Volume: comnetcs;
Issue: 1;
Date: 2012;
Keywords: Tracking
ABSTRACT
Malware analysis is the process of determining the intent and modus operandi of a given malware sample. It is the first step in the process of developing any preventive or defensive measure against a malware attack. The work presented in this paper focuses on dynamic malware analysis. Dynamic malware analysis is a malware analysis technique in which the malware sample is executed in a controlled environment called a sandbox, and the effects of the execution at different levels of system abstraction (i.e. operating system, network, or kernel) are captured, stored and processed. In this paper we present the design details of a malware execution environment named Honeysand. The presented solution is specifically designed to cater to the needs of performing dynamic analysis for a class of malware known as bots. A bot is a class of malware that has the ability to coordinate with other bots and create a network of infected systems which is under the control of a single machine called the command & control server [18]. Based upon the proposed system design we have developed a prototype system using honeypot technology as a base with other open source tools configured over it, and used this prototype to demonstrate the effectiveness of the proposed solution.