Agent-based Vs Agent-less Sandbox for Dynamic Behavioral Analysis
This addresses malware detection for cybersecurity practitioners, but it appears incremental as it benchmarks existing sandbox types without introducing a new method.
The paper tackled the problem of detecting advanced malware by comparing agent-based and agentless dynamic sandbox systems, analyzing samples like Petya and Spyeye to benchmark their efficiency.
Malicious software is detected and classified by either static analysis or dynamic analysis. In static analysis, malware samples are reverse engineered and analyzed so that signatures of malware can be constructed. These techniques can be easily thwarted through polymorphic, metamorphic malware, obfuscation and packing techniques, whereas in dynamic analysis malware samples are executed in a controlled environment using the sandboxing technique, in order to model the behavior of malware. In this paper, we have analyzed Petya, Spyeye, VolatileCedar, PAFISH etc. through Agent-based and Agentless dynamic sandbox systems in order to investigate and benchmark their efficiency in advanced malware detection.