DocumentCode :
2089760
Title :
A Testing Model for Dynamic Malware Analysis Systems
Author :
Massicotte, Frédéric ; Couture, Mathieu ; Normandin, Hugues ; Michaud, Frédéric
Author_Institution :
Commun. Res. Centre Canada, Ottawa, ON, Canada
fYear :
2012
fDate :
17-21 April 2012
Firstpage :
826
Lastpage :
833
Abstract :
A Dynamic Malware Analysis System (D-MAS), often called a sandbox, is a controlled environment in which malicious software (malware) is executed in order to identify the actions it is performing (e.g., creating processes, sending emails) when infecting computer systems. One of the most important features of security devices such as IDSs, AVSs and D-MASs is how accurately they identify and document threats. By nature, these security devices are difficult to test since they are test systems themselves. The attackers are the testers trying to find test cases that cannot be identified by these systems. Consequently, thorough testing models are required by developers to assess the accuracy of D-MASs, an area in which very little theoretical and empirical work exists. In this paper, we lay out the basis of D-MASs accuracy assessment and we present an evaluation of eight of these systems. We propose test coverage criteria, oracle types and specifications to assess the accuracy of D-MASs. Results show that our approach is efficient at identifying accuracy problems in several D-MASs.
Keywords :
invasive software; program diagnostics; program testing; D-MAS accuracy assessment; assess specifications; computer systems infection; document identification; document threats; dynamic malware analysis systems; malicious software; oracle types; sandbox; security devices; test coverage criteria; test systems; Accuracy; Internet; Malware; Software; Testing; Vectors; Malware analysis; evaluation; testing;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Software Testing, Verification and Validation (ICST), 2012 IEEE Fifth International Conference on
Conference_Location :
Montreal, QC
Print_ISBN :
978-1-4577-1906-6
Type :
conf
DOI :
10.1109/ICST.2012.183
Filename :
6200195