SecBox: A Lightweight Malware Analysis Sandbox using Containers

State: completed by Raffael Mogicato, Adrian Zermin
Published: 2021-12-09

Sandboxed malware analysis tools allow security analysts to derive insights about malware samples by running them in an isolated environment, so analysts don't
have to spend time securing the runtime environment themselves. Furthermore, such tools can automatically create reports about the malware's behavior [1].

However, currently available tools are either closed-source [2], unmaintained [3] or complex to set up and operate [4]. Remote access and extensive network
analysis are offered only to a limited degree.

Thus, this thesis is concerned with the design, implementation and evaluation of a lightweight sandbox for automated malware analysis. As a first step towards generating
insights about a malware sample's behavior, SecBox can be integrated with the traffic analysis platform SecGrid [5].

[1] https://cuckoosandbox.org/
[2] https://app.any.run/plans/
[3] https://github.com/cuckoosandbox/cuckoo
[4] https://github.com/Rurik/Noriben
[5] https://www.csg.uzh.ch/csg/en/research/SecGrid.html

30% Design, 60% Implementation, 10% Documentation
Basic knowledge or interest in cybersecurity

Supervisors: Jan von der Assen
