SoK: An Essential Guide For Using Malware Sandboxes In Security Applications: Challenges, Pitfalls, and Lessons Learned
arxiv(2024)
摘要
Malware sandboxes provide many benefits for security applications, but they
are complex. These complexities can overwhelm new users in different research
areas and make it difficult to select, configure, and use sandboxes. Even
worse, incorrectly using sandboxes can have a negative impact on security
applications. In this paper, we address this knowledge gap by systematizing 84
representative papers for using x86/64 malware sandboxes in the academic
literature. We propose a novel framework to simplify sandbox components and
organize the literature to derive practical guidelines for using sandboxes. We
evaluate the proposed guidelines systematically using three common security
applications and demonstrate that the choice of different sandboxes can
significantly impact the results. Specifically, our results show that the
proposed guidelines improve the sandbox observable activities by at least 1.6x
and up to 11.3x. Furthermore, we observe a roughly 25
precision, and recall when using the guidelines to help with a malware family
classification task. We conclude by affirming that there is no "silver bullet"
sandbox deployment that generalizes, and we recommend that users apply our
framework to define a scope for their analysis, a threat model, and derive
context about how the sandbox artifacts will influence their intended use case.
Finally, it is important that users document their experiment, limitations, and
potential solutions for reproducibility
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要