SciELO - Scientific Electronic Library Online

 


Conrado

On-line version ISSN 1990-8644

Abstract

ZHUMA MERA, Emilio; BRITO CASANOVA, Orlando Jesús; TUBAY VERGARA, José and OVIEDO BAYAS, Byron. Dynamic analysis of malware in a virtualized network environment. Conrado [online]. 2021, vol.17, n.78, pp. 113-120. Epub Feb 02, 2021. ISSN 1990-8644.

ABSTRACT: This research studies the creation of a virtual network environment for dynamic malware analysis, using the Proxmox hypervisor and LXC or KVM/QEMU virtualization technologies to ensure operability and correct isolation of the components. A modest perimeter security topology is proposed, using a DMZ with a tripod firewall, an internal network and an added monitoring network, as a representation of a small or medium business environment, abstracted to the minimum elements that can be virtualized with the least impact on system functionality while conserving physical resources. The areas of greatest operational importance (internal network and DMZ) are, according to their characteristics, subjected to malicious code classified by expected scope: mass and targeted. The use of external tools, with services such as Zabbix and Moloch, to gather the necessary data on the behavior of the infected system and of the specimen during execution has limitations that influence the precision of the dynamic analysis and the consequent formulation of conclusions and elaboration of "Indicators of compromise" or signatures that aid in the detection of malicious software.

Keywords: LXC; Mass Malware; Targeted Malware; Proxmox; QEMU.
