An Obfuscation Technique for Malware Detection and Protection in Sandboxing

2021 
As sandboxing becomes more popular as a malware detection and prevention method, cybercriminals will come up with new ways to evade it. For instance, there are new strains of malware that can recognize when they are inside a sandbox and do not execute their malicious code until they are outside of it. One of the techniques attackers use to evade sandbox solutions is Lack of User Input: the malware analyzes the level of user input to detect a sandbox. On a real machine, in contrast to a sandbox, different types of user activity, such as mouse or keyboard activity, occur frequently. The main aim of this chapter is to provide security by detecting malware infections, which can be accomplished through sandboxing technology. Here, the data obtained from user activity, such as mouse and keyboard activity, is captured through heatmaps, scroll maps, attention maps, and keyloggers, converted into text, and stored in a database. The obtained data is then obfuscated and passed on for further processing. This is achieved through an AI tool called Delphix. This chapter also gives an overview of the problems that people in industry currently face during the code testing phase, and of the recent versions of sandboxing and data obfuscation techniques currently in use. It also covers the details of converting user activity that frequently occurs on a real machine into data, and then obfuscating that data so that it is more challenging for anti-malware engines to detect or analyze. This can be achieved through an AI tool called Delphix, which masks the compressed data and keeps it between multiple clones to hide it from the malware.