Sandboxed malware analysis tools allow security analysts to derive insights about malware files by running them in an isolated environment. With that, security analysts don't
have to spend time securing the runtime environment. Furthermore, such tools are able to automatically create reports about the malware's behavior [1].
However, currently available tools are either closed-source [2], unmaintained [3] or complex to set up and operate [4]. Remote access and extensive network
analysis are only supported to a limited degree.
Thus, this thesis is concerned with the design, implementation and evaluation of a lightweight sandbox for automated malware analysis. As a first step towards generating
insights about a malware's behavior, SecBox can be integrated with the traffic analysis platform SecGrid [5].
[1] https://cuckoosandbox.org/
[2] https://app.any.run/plans/
[3] https://github.com/cuckoosandbox/cuckoo
[4] https://github.com/Rurik/Noriben
[5] https://www.csg.uzh.ch/csg/en/research/SecGrid.html
Supervisors: Jan von der Assen