{"title":"MARS:基于sdn的恶意软件分析解决方案","authors":"J. Ceron, C. Margi, L. Granville","doi":"10.1109/ISCC.2016.7543792","DOIUrl":null,"url":null,"abstract":"Mechanisms to detect and analyze malicious software are essential to improve security systems. Current security mechanisms have limited success in detecting sophisticated malicious software. More than to evade analysis system, many malwares require specific conditions to activate their actions in the target system. The flexibility of Software-Defined Networking (SDN) provides an opportunity to develop a malware analysis architecture integrating different systems and networks profile configuration. In this paper we design an architecture specialized in malware analysis using SDN to dynamically reconfigure the network environment based on malware actions. As result, we demonstrate that our solution can trigger more malware's events than traditional solutions that do not consider sandbox surround environment as an important component in malware analysis.","PeriodicalId":148096,"journal":{"name":"2016 IEEE Symposium on Computers and Communication (ISCC)","volume":"2016 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"33","resultStr":"{\"title\":\"MARS: An SDN-based malware analysis solution\",\"authors\":\"J. Ceron, C. Margi, L. Granville\",\"doi\":\"10.1109/ISCC.2016.7543792\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Mechanisms to detect and analyze malicious software are essential to improve security systems. Current security mechanisms have limited success in detecting sophisticated malicious software. More than to evade analysis system, many malwares require specific conditions to activate their actions in the target system. The flexibility of Software-Defined Networking (SDN) provides an opportunity to develop a malware analysis architecture integrating different systems and networks profile configuration. In this paper we design an architecture specialized in malware analysis using SDN to dynamically reconfigure the network environment based on malware actions. As result, we demonstrate that our solution can trigger more malware's events than traditional solutions that do not consider sandbox surround environment as an important component in malware analysis.\",\"PeriodicalId\":148096,\"journal\":{\"name\":\"2016 IEEE Symposium on Computers and Communication (ISCC)\",\"volume\":\"2016 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-06-27\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"33\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 IEEE Symposium on Computers and Communication (ISCC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ISCC.2016.7543792\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE Symposium on Computers and Communication (ISCC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISCC.2016.7543792","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Mechanisms to detect and analyze malicious software are essential to improve security systems. Current security mechanisms have limited success in detecting sophisticated malicious software. More than to evade analysis system, many malwares require specific conditions to activate their actions in the target system. The flexibility of Software-Defined Networking (SDN) provides an opportunity to develop a malware analysis architecture integrating different systems and networks profile configuration. In this paper we design an architecture specialized in malware analysis using SDN to dynamically reconfigure the network environment based on malware actions. As result, we demonstrate that our solution can trigger more malware's events than traditional solutions that do not consider sandbox surround environment as an important component in malware analysis.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
