{"id":"https://openalex.org/W4396853080","doi":"https://doi.org/10.1109/access.2024.3400167","title":"Redefining Malware Sandboxing: Enhancing Analysis Through Sysmon and ELK Integration","display_name":"Redefining Malware Sandboxing: Enhancing Analysis Through Sysmon and ELK Integration","publication_year":2024,"publication_date":"2024-01-01","ids":{"openalex":"https://openalex.org/W4396853080","doi":"https://doi.org/10.1109/access.2024.3400167"},"language":"en","primary_location":{"id":"doi:10.1109/access.2024.3400167","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2024.3400167","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/10529261.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/10529261.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5073352073","display_name":"Rasmi-Vlad Mahmoud","orcid":null},"institutions":[{"id":"https://openalex.org/I891191580","display_name":"Aalborg University","ror":"https://ror.org/04m5j1k67","country_code":"DK","type":"education","lineage":["https://openalex.org/I891191580"]}],"countries":["DK"],"is_corresponding":false,"raw_author_name":"Rasmi-Vlad Mahmoud","raw_affiliation_strings":["Department of Electronic Systems, Cyber Security Group, CMI Section, Aalborg University, Copenhagen, Denmark"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Electronic Systems, Cyber Security Group, CMI Section, Aalborg University, Copenhagen, Denmark","institution_ids":["https://openalex.org/I891191580"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059647371","display_name":"\u039c\u03ac\u03c1\u03b9\u03bf\u03c2 \u0391\u03bd\u03b1\u03b3\u03bd\u03c9\u03c3\u03c4\u03cc\u03c0\u03bf\u03c5\u03bb\u03bf\u03c2","orcid":"https://orcid.org/0000-0002-9193-8517"},"institutions":[{"id":"https://openalex.org/I891191580","display_name":"Aalborg University","ror":"https://ror.org/04m5j1k67","country_code":"DK","type":"education","lineage":["https://openalex.org/I891191580"]}],"countries":["DK"],"is_corresponding":false,"raw_author_name":"Marios Anagnostopoulos","raw_affiliation_strings":["Department of Electronic Systems, Cyber Security Group, CMI Section, Aalborg University, Copenhagen, Denmark"],"raw_orcid":"https://orcid.org/0000-0002-9193-8517","affiliations":[{"raw_affiliation_string":"Department of Electronic Systems, Cyber Security Group, CMI Section, Aalborg University, Copenhagen, Denmark","institution_ids":["https://openalex.org/I891191580"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5065221727","display_name":"Sergio Pastrana","orcid":"https://orcid.org/0000-0003-1036-6359"},"institutions":[{"id":"https://openalex.org/I50357001","display_name":"Universidad Carlos III de Madrid","ror":"https://ror.org/03ths8210","country_code":"ES","type":"education","lineage":["https://openalex.org/I50357001"]}],"countries":["ES"],"is_corresponding":false,"raw_author_name":"Sergio Pastrana","raw_affiliation_strings":["Department of Computer Science, Escuela Polit&#x00E9;cnica Superior, Computer Security (COSEC) Lab, Universidad Carlos III de Madrid, Leganes, Spain"],"raw_orcid":"https://orcid.org/0000-0003-1036-6359","affiliations":[{"raw_affiliation_string":"Department of Computer Science, Escuela Polit&#x00E9;cnica Superior, Computer Security (COSEC) Lab, Universidad Carlos III de Madrid, Leganes, Spain","institution_ids":["https://openalex.org/I50357001"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5034797912","display_name":"Jens Myrup Pedersen","orcid":"https://orcid.org/0000-0002-1903-2921"},"institutions":[{"id":"https://openalex.org/I891191580","display_name":"Aalborg University","ror":"https://ror.org/04m5j1k67","country_code":"DK","type":"education","lineage":["https://openalex.org/I891191580"]}],"countries":["DK"],"is_corresponding":false,"raw_author_name":"Jens Myrup Pedersen","raw_affiliation_strings":["Department of Electronic Systems, Cyber Security Group, CMI Section, Aalborg University, Copenhagen, Denmark"],"raw_orcid":"https://orcid.org/0000-0002-1903-2921","affiliations":[{"raw_affiliation_string":"Department of Electronic Systems, Cyber Security Group, CMI Section, Aalborg University, Copenhagen, Denmark","institution_ids":["https://openalex.org/I891191580"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":3.6686,"has_fulltext":false,"cited_by_count":12,"citation_normalized_percentile":{"value":0.9385235,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":99},"biblio":{"volume":"12","issue":null,"first_page":"68624","last_page":"68636"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9911999702453613,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9887999892234802,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7853035926818848},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7022746801376343},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.42945414781570435},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.41058456897735596}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7853035926818848},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7022746801376343},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.42945414781570435},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.41058456897735596}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/access.2024.3400167","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2024.3400167","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/10529261.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:pure.atira.dk:openaire/85c77e9b-36d5-4e86-a308-c69452c565f0","is_oa":false,"landing_page_url":"https://vbn.aau.dk/da/publications/85c77e9b-36d5-4e86-a308-c69452c565f0","pdf_url":null,"source":{"id":"https://openalex.org/S4306401731","display_name":"VBN Forskningsportal (Aalborg Universitet)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I891191580","host_organization_name":"Aalborg University","host_organization_lineage":["https://openalex.org/I891191580"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Mahmoud, R V, Anagnostopoulos, M, Pastrana, S & Pedersen, J M 2024, 'Redefining Malware Sandboxing : Enhancing Analysis Through Sysmon and ELK Integration', IEEE Access, vol. 12, 10529261, pp. 68624-68636. https://doi.org/10.1109/ACCESS.2024.3400167","raw_type":"info:eu-repo/semantics/publishedVersion"},{"id":"pmh:oai:doaj.org/article:a4db618c9e484201b6ced964884ea098","is_oa":true,"landing_page_url":"https://doaj.org/article/a4db618c9e484201b6ced964884ea098","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 12, Pp 68624-68636 (2024)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2024.3400167","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2024.3400167","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/10529261.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320322454","display_name":"Otto M\u00f8nsteds Fond","ror":"https://ror.org/02dt42634"}],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4396853080.pdf"},"referenced_works_count":20,"referenced_works":["https://openalex.org/W2065314054","https://openalex.org/W2115175195","https://openalex.org/W2511353470","https://openalex.org/W2517430515","https://openalex.org/W2972552958","https://openalex.org/W2977310947","https://openalex.org/W2988961468","https://openalex.org/W2998074434","https://openalex.org/W3045266168","https://openalex.org/W3132588576","https://openalex.org/W3162974214","https://openalex.org/W3176289544","https://openalex.org/W3188369116","https://openalex.org/W3212159646","https://openalex.org/W4210517283","https://openalex.org/W4220960791","https://openalex.org/W4289516272","https://openalex.org/W4293106276","https://openalex.org/W4365420886","https://openalex.org/W4385489300"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2097492617","https://openalex.org/W2753240997","https://openalex.org/W1764168690","https://openalex.org/W2537959205","https://openalex.org/W2740895074","https://openalex.org/W2772446090","https://openalex.org/W4284893819"],"abstract_inverted_index":{"In":[0],"cybersecurity,":[1],"adversaries":[2],"employ":[3],"a":[4,16,103,149,162,179,183,246,259,272,288],"myriad":[5],"of":[6,66,91,106,116,144,165,186,231,274,301],"tactics":[7],"to":[8,33,83,226,251,266,276],"evade":[9],"detection":[10],"and":[11,35,55,71,86,136,153,194,197,208,237,240,248,285,298],"breach":[12],"defenses.":[13],"Malware":[14],"remains":[15],"formidable":[17],"weapon":[18],"in":[19,178,203,258],"their":[20,56],"arsenal.":[21],"To":[22],"counter":[23],"this":[24],"threat,":[25],"researchers":[26],"unceasingly":[27],"pursue":[28],"dynamic":[29,47,282],"analysis,":[30],"which":[31,159],"aims":[32],"comprehend":[34],"thwart":[36],"established":[37],"malware":[38,48,92,111,147,252,283],"strains.":[39],"This":[40,79,100],"paper":[41],"introduces":[42],"an":[43,67],"innovative":[44],"methodology":[45],"for":[46,281,292],"analysis":[49,284],"while":[50],"critically":[51],"evaluating":[52],"prevailing":[53],"technologies":[54],"limitations.":[57],"The":[58,254],"proposed":[59,118],"approach":[60,250],"hinges":[61],"on":[62,95,210,296],"harnessing":[63],"the":[64,77,88,107,114,117,122,134,142,145,166,205,211,217,223,228,267,278],"capabilities":[65],"open-source":[68],"Security":[69],"Information":[70],"Event":[72],"Management":[73],"(SIEM)":[74],"toolset,":[75],"namely":[76],"Elastic-Stack.":[78],"toolset":[80],"is":[81,264],"utilized":[82],"capture,":[84],"structure,":[85,263],"analyze":[87],"behavioral":[89],"patterns":[90],"without":[93],"relying":[94],"any":[96],"pre-existing":[97],"sandbox":[98],"framework.":[99],"augmentation":[101],"facilitates":[102],"profound":[104],"understanding":[105],"activities":[108],"exhibited":[109],"by":[110,215],"samples.":[112],"With":[113],"help":[115],"ecosystem,":[119],"we":[120,140,221],"compile":[121],"<italic":[123,127],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[124,128],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">AAU</i>":[125],"_":[126],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">MalData</i>":[129],"dataset":[130],"that":[131],"encompasses":[132],"distinctly":[133],"benign":[135],"malicious":[137],"behavior.":[138],"Specifically,":[139],"analyzed":[141],"behavior":[143],"2,800":[146],"within":[148],"realistic":[150],"network":[151,299],"topology":[152],"systematically":[154],"collected":[155],"Windows":[156],"event":[157,170,191,224],"logs,":[158],"serve":[160],"as":[161,174,190,271,287],"comprehensive":[163],"record":[164],"malware\u2019s":[167,206,229],"actions.":[168],"These":[169,200],"logs":[171,225],"are":[172,176,201],"precious":[173],"they":[175],"organized":[177,257],"timestamped":[180],"format,":[181],"providing":[182],"chronological":[184],"list":[185],"system":[187],"activities,":[188],"such":[189],"descriptions,":[192],"process":[193],"file":[195],"details,":[196],"registry":[198],"modifications.":[199],"pivotal":[202],"comprehending":[204],"functionality":[207],"repercussions":[209],"compromised":[212],"system.":[213],"Furthermore,":[214],"incorporating":[216],"MITRE":[218],"ATT&CK":[219],"framework,":[220],"leveraged":[222],"correlate":[227],"mode":[230],"operation,":[232],"delve":[233],"into":[234],"its":[235,242],"Command":[236],"Control":[238],"operations,":[239],"investigate":[241],"persistence":[243],"mechanisms,":[244],"enabling":[245],"structured":[247],"practical":[249],"analysis.":[253],"AAU_MalData":[255],"dataset,":[256],"JSON":[260],"format":[261],"data":[262],"offered":[265],"research":[268],"community":[269],"first":[270],"proof":[273],"concept":[275],"demonstrate":[277],"toolset\u2019s":[279],"feasibility":[280],"second":[286],"potential":[289],"training":[290],"ground":[291],"anti-malware":[293],"mechanisms":[294],"based":[295],"host":[297],"Indicators":[300],"Compromise":[302],"(IoCs).":[303]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":10}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}