
The Design And Implementation Of Virtual Network For Improving Malware Network Behavior Analysis

Posted on: 2014-11-27
Degree: Master
Type: Thesis
Country: China
Candidate: Y C Huang
GTID: 2268330401952953
Subject: Computer application technology

Abstract/Summary:
The rapid development of the Internet has brought great convenience to people's lives and work, and IT has become an indispensable part of their lives. However, network security threats are increasingly diverse and dangerous. Malware, including computer viruses, worms, Trojans and zombies, has become one of the most serious threats to computers and networks.

The traditional malware detection method is static detection based on static characteristics. Although this method is in constant development, dynamic analysis based on malware behavior has gradually become a new solution, because of the rapid growth in the number of malware samples, the use of encryption, polymorphism and deformation, and the weakness of static analysis that it cannot effectively defend against unknown malware. With the development of the Internet and information technology, more and more malware exhibits network behavior, and in some cases even the major malicious behavior is carried out over the network. At the same time, intelligent malware can hide its malicious behavior when no network connection is detected, which makes capturing malware behavior very difficult. Therefore, how to build a virtual network that can decoy malware into generating more network behavior has become a hot and difficult topic in the field of behavior-based dynamic analysis. In addition, due to the rapid growth in the types and quantity of malware, automated analysis techniques for malware have become an inevitable trend.

To solve the above problems, this paper implements a virtual network for malware network behavior analysis. The virtual network can redirect the destination address and port of packets of common network protocols and simulate ordinary network services for malware dynamic analysis, which decoys malware into generating more network behavior and protects the real network from damage by malware. Besides, a sandbox scheduling management program is also designed and implemented in the paper, which automates dynamic analysis and behavior capture. Experimental results show that, compared with the online analysis platforms CWSandbox and Anubis, the virtual network proposed here performs better, simulates network services better and captures more malware network behavior, which provides more adequate and effective behavioral data for malware network behavior analysis.
Keywords/Search Tags: Malware, Dynamic Analysis, Network behavior, Virtual network