Yang Ke,Wang Dong,Xuan Jiaxing,Wang Xiaoman,Zhao Lihua,Wang Qiuyun. ANTI-MALWARE SANDBOX DETECTION TECHNOLOGY BASED ON AUTOMATIC ENVIRONMENT EVOLUTION[J]. Computer Applications and Software, 2025, 42(1): 319-327. DOI: 10.3969/j.issn.1000-386x.2025.01.044

ANTI-MALWARE SANDBOX DETECTION TECHNOLOGY BASED ON AUTOMATIC ENVIRONMENT EVOLUTION

The proportion of malicious code with anti-sandbox analysis capability is gradually increasing. To counter sandbox evasion by malicious code, this paper designs and develops a new sandbox architecture. In addition to basic monitoring functions, the sandbox automatically adjusts its environment based on the execution-condition dependency graph of the malicious code, countering the code's attempts to escape sandbox detection. Test results on 81 Gh0st samples show that the sandbox designed in this paper counters malicious-code evasion better than the Threatbook cloud sandbox, and that it performs strongly in areas such as delayed triggering, human interaction simulation, and hook hiding. Its average analysis time is 23 seconds faster than that of the Noriben sandbox. These results verify the correctness and effectiveness of the proposed method.