{"title":"MARS: An SDN-based malware analysis solution","authors":"J. Ceron, C. Margi, L. Granville","doi":"10.1109/ISCC.2016.7543792","DOIUrl":null,"url":null,"abstract":"Mechanisms to detect and analyze malicious software are essential to improve security systems. Current security mechanisms have limited success in detecting sophisticated malicious software. More than to evade analysis system, many malwares require specific conditions to activate their actions in the target system. The flexibility of Software-Defined Networking (SDN) provides an opportunity to develop a malware analysis architecture integrating different systems and networks profile configuration. In this paper we design an architecture specialized in malware analysis using SDN to dynamically reconfigure the network environment based on malware actions. As result, we demonstrate that our solution can trigger more malware's events than traditional solutions that do not consider sandbox surround environment as an important component in malware analysis.","PeriodicalId":148096,"journal":{"name":"2016 IEEE Symposium on Computers and Communication (ISCC)","volume":"2016 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"33","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE Symposium on Computers and Communication (ISCC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISCC.2016.7543792","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 33
Abstract
Mechanisms to detect and analyze malicious software are essential to improve security systems. Current security mechanisms have limited success in detecting sophisticated malicious software. More than to evade analysis system, many malwares require specific conditions to activate their actions in the target system. The flexibility of Software-Defined Networking (SDN) provides an opportunity to develop a malware analysis architecture integrating different systems and networks profile configuration. In this paper we design an architecture specialized in malware analysis using SDN to dynamically reconfigure the network environment based on malware actions. As result, we demonstrate that our solution can trigger more malware's events than traditional solutions that do not consider sandbox surround environment as an important component in malware analysis.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
