查看文章

As malware, such as computer viruses, worms, bots, Trojan horses and spyware, have become serious and critical threats that affect our lives significantly, great efforts have been made to analyze their behavior in detail to develop effective countermeasures.

Malware sandbox analysis is considered a promising approach for the analysis of malware which involves the execution of an unknown program in a testing environment, known as a sandbox, to observe and analyze its behavior. With the growing popularity of malware sandbox analysis, there are a number of systems 1)–9) that use a public interface to accept online submissions of samples from arbitrary users, automatically analyze them using a sandbox, and send analysis reports back to the user. Similar systems also exist for the analysis of suspicious web sites 1), 10)–20). In this paper, we refer to such a malware analysis system with