{"id":"https://openalex.org/W2990128188","doi":"https://doi.org/10.1145/3344341.3368810","title":"Container-based Sandboxes for Malware Analysis","display_name":"Container-based Sandboxes for Malware Analysis","publication_year":2019,"publication_date":"2019-11-27","ids":{"openalex":"https://openalex.org/W2990128188","doi":"https://doi.org/10.1145/3344341.3368810","mag":"2990128188"},"language":"en","primary_location":{"id":"doi:10.1145/3344341.3368810","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3344341.3368810","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 12th IEEE/ACM International Conference on Utility and Cloud Computing","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5021888545","display_name":"Ayrat Khalimov","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Ayrat Khalimov","raw_affiliation_strings":["Innopolis University, Innopolis, Russian Fed"],"affiliations":[{"raw_affiliation_string":"Innopolis University, Innopolis, Russian Fed","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045116796","display_name":"Sofiane Benahmed","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Sofiane Benahmed","raw_affiliation_strings":["Innopolis University, Innopolis, Russian Fed"],"affiliations":[{"raw_affiliation_string":"Innopolis University, Innopolis, Russian Fed","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5090705977","display_name":"Rasheed Hussain","orcid":"https://orcid.org/0000-0002-3771-7537"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Rasheed Hussain","raw_affiliation_strings":["Innopolis University, Innopolis, Russian Fed"],"affiliations":[{"raw_affiliation_string":"Innopolis University, Innopolis, Russian Fed","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5023238359","display_name":"S. M. Ahsan Kazmi","orcid":"https://orcid.org/0000-0001-7138-8258"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"S.M. Ahsan Kazmi","raw_affiliation_strings":["Innopolis University, Innopolis, Russian Fed"],"affiliations":[{"raw_affiliation_string":"Innopolis University, Innopolis, Russian Fed","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059143742","display_name":"Alma Oracevic","orcid":"https://orcid.org/0000-0002-7723-3932"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Alma Oracevic","raw_affiliation_strings":["Innopolis University, Innopolis, Russian Fed"],"affiliations":[{"raw_affiliation_string":"Innopolis University, Innopolis, Russian Fed","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5044266495","display_name":"Fatima Hussain","orcid":"https://orcid.org/0000-0002-6306-9772"},"institutions":[{"id":"https://openalex.org/I125133608","display_name":"Royal Bank of Canada","ror":"https://ror.org/03hgnwx26","country_code":"CA","type":"other","lineage":["https://openalex.org/I125133608"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Fatima Hussain","raw_affiliation_strings":["Royal Bank of Canada, Toronto, Canada"],"affiliations":[{"raw_affiliation_string":"Royal Bank of Canada, Toronto, Canada","institution_ids":["https://openalex.org/I125133608"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5018618593","display_name":"Farhan Ahmad","orcid":"https://orcid.org/0000-0002-1988-0971"},"institutions":[{"id":"https://openalex.org/I22128151","display_name":"University of Derby","ror":"https://ror.org/02yhrrk59","country_code":"GB","type":"education","lineage":["https://openalex.org/I22128151"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Farhan Ahmad","raw_affiliation_strings":["University of Derby, Derby, United Kingdom"],"affiliations":[{"raw_affiliation_string":"University of Derby, Derby, United Kingdom","institution_ids":["https://openalex.org/I22128151"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5091140244","display_name":"Chaker Abdelaziz Kerrache","orcid":"https://orcid.org/0000-0001-9990-519X"},"institutions":[{"id":"https://openalex.org/I4210115782","display_name":"University of Ghardaia","ror":"https://ror.org/02ck5yd04","country_code":"DZ","type":"education","lineage":["https://openalex.org/I4210115782"]}],"countries":["DZ"],"is_corresponding":false,"raw_author_name":"Chaker Abdelaziz Kerrache","raw_affiliation_strings":["University of Ghardaia, Ghardaia, Algeria"],"affiliations":[{"raw_affiliation_string":"University of Ghardaia, Ghardaia, Algeria","institution_ids":["https://openalex.org/I4210115782"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5021888545"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":1.1729,"has_fulltext":false,"cited_by_count":11,"citation_normalized_percentile":{"value":0.79973151,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"219","last_page":"227"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9943000078201294,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9904999732971191,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7424945831298828},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6814728379249573},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2630976736545563}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7424945831298828},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6814728379249573},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2630976736545563}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3344341.3368810","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3344341.3368810","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 12th IEEE/ACM International Conference on Utility and Cloud Computing","raw_type":"proceedings-article"},{"id":"pmh:oai:research-information.bris.ac.uk:openaire_cris_publications/c5b100a8-47cf-43ab-a292-33f961f4e1da","is_oa":false,"landing_page_url":"https://research-information.bris.ac.uk/en/publications/c5b100a8-47cf-43ab-a292-33f961f4e1da","pdf_url":null,"source":{"id":"https://openalex.org/S4306400895","display_name":"Bristol Research (University of Bristol)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I36234482","host_organization_name":"University of Bristol","host_organization_lineage":["https://openalex.org/I36234482"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Khalimov, A, Benahmed, S, Hussain, R, Ahsan Kazmi, S M, Oracevic, A, Hussain, F, Ahmad, F & Kerrache, C A 2019, Container-based sandboxes for malware analysis : A compromise worth considering. in UCC 2019 - Proceedings of the 12th IEEE/ACM International Conference on Utility and Cloud Computing. UCC 2019 - Proceedings of the 12th IEEE/ACM International Conference on Utility and Cloud Computing, Association for Computing Machinery, pp. 219-227. https://doi.org/10.1145/3344341.3368810","raw_type":"contributionToPeriodical"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":14,"referenced_works":["https://openalex.org/W172558989","https://openalex.org/W1824116952","https://openalex.org/W2023953679","https://openalex.org/W2111038628","https://openalex.org/W2115175195","https://openalex.org/W2127723417","https://openalex.org/W2239647876","https://openalex.org/W2517430515","https://openalex.org/W2556088991","https://openalex.org/W2567333176","https://openalex.org/W2588766758","https://openalex.org/W2765751359","https://openalex.org/W2899435184","https://openalex.org/W2900633536"],"related_works":["https://openalex.org/W2748952813","https://openalex.org/W2097492617","https://openalex.org/W2753240997","https://openalex.org/W1764168690","https://openalex.org/W2537959205","https://openalex.org/W2740895074","https://openalex.org/W2772446090","https://openalex.org/W4284893819","https://openalex.org/W3152891574","https://openalex.org/W2249809453"],"abstract_inverted_index":{"Malware":[0],"analysis":[1,46,225],"relies":[2],"on":[3,205],"monitoring":[4],"the":[5,39,48,58,65,82,96,106,111,168,217],"behavior":[6],"of":[7,31,113,170],"a":[8,12,32,75,157,161,210],"suspected":[9],"application":[10],"within":[11],"confined,":[13],"controlled":[14],"and":[15,26,61,87,135,140,192],"secure":[16],"environment.":[17],"These":[18],"environments":[19,115],"are":[20,27,93,156],"commonly":[21,41],"referred":[22],"to":[23,63,81,119,131,144,178,194,222],"as":[24,98,116,142,147],"\"Sandboxes''":[25],"often":[28,56],"virtualized":[29,85],"replicas":[30],"regular":[33],"system.":[34],"Hypervisor-based":[35],"sandboxes":[36,53,121],"were":[37],"among":[38],"most":[40],"used":[42],"techniques":[43],"for":[44,122,160],"malware":[45,66,97,123,184,224],"during":[47],"last":[49],"decade;":[50],"however,":[51],"these":[52,137,190],"do":[54],"not":[55],"provide":[57],"required":[59],"stealth":[60],"transparency":[62],"deceive":[64],"in":[67,74,228],"believing":[68],"that":[69,153,183,214],"it":[70],"is":[71,79],"being":[72],"run":[73],"target":[76],"machine.":[77],"This":[78],"due":[80],"difference":[83],"between":[84],"systems":[86,146],"bare":[88],"metal":[89],"ones;":[90],"differences":[91],"which":[92,174],"exploited":[94],"by":[95,109,197],"detection":[99,172,212],"artifacts.":[100],"In":[101],"this":[102,164],"paper,":[103],"we":[104,127,208],"address":[105,195],"aforementioned":[107],"problem":[108],"exploring":[110],"use":[112],"container-based":[114],"an":[117,220],"alternative":[118],"hypervisor-based":[120],"analysis.":[124],"More":[125],"precisely,":[126],"explore":[128,189],"different":[129,181],"ways":[130],"monitor":[132],"containerized":[133],"applications":[134],"make":[136,175],"containers":[138,155,176,227],"act":[139],"look":[141],"close":[143],"real":[145],"possible.":[148],"Our":[149],"experimental":[150],"results":[151],"revealed":[152],"Docker":[154],"promising":[158],"option":[159,165],"sandbox.":[162],"However,":[163],"comes":[166],"at":[167],"cost":[169],"new":[171],"artifacts":[173],"subject":[177],"fingerprinting":[179],"through":[180,226],"sources":[182,191],"can":[185],"easily":[186],"find.":[187],"We":[188],"try":[193],"them":[196],"various":[198],"means":[199],"including":[200],"system-call":[201],"introspection.":[202],"Finally,":[203],"based":[204],"our":[206],"discoveries,":[207],"introduce":[209],"container":[211],"tool":[213],"will":[215],"give":[216],"research":[218],"community":[219],"opportunity":[221],"investigate":[223],"more":[229],"details.":[230]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":3},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":4},{"year":2020,"cited_by_count":1}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2025-10-10T00:00:00"}