A malware is a program that has a malicious intent. Nowadays, attack from malwares is rising in alarming fashion and thousands of malwares are injected to the Internet. Malware authors use many techniques like obfuscation and packing to avoid detection. A number of techniques for malware detection are available and none of them able to detect all types of malwares. In this paper, a more efficient malware detection framework is presented. This framework utilizes the ability of sandbox to analyze files in an isolated environment. A group of sandbox is arranged parallel and process each incoming file from the Internet to internal network. A credit is assigned to each operation made by the file under inspection. Report generated by each sandbox is converted into a general intermediate format. Average credit of a specific file is calculated based on average credit from individual reports. Files are classified as malicious or benign based on this final average credit. This system increases the efficiency of malware detection by using multiple dynamic analysis technics.

1. Sikorski, Michael, and Andrew Honig. Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software. No Starch Press, 2012.
2. Quarterly report – Panda Security, http://mediacenter. pandasecurity. com/mediacenter/wp-content/uploads/2014/07/Quarterly-Report-Q2-2014. pdf, December 2014
3. S. Hofmeyr, S. Forrest, and A. Somayaji. Intrusion detection using sequences of system calls. Journal of Computer Security, pages 151 – 180.
4. W. Li, K. Wang, S. Stolfo, and B. Herzog. Fileprints: Identifying file types by n-gram analysis. 6th IEEE Information Assurance Workshop, June 2005.
5. Y. -M. Wang, D. Beck, B. Vo, R. Roussev, and C. Verbowski. Detecting Stealth Software with Strider GhostBuster. Proc. of the 2005 International Conference on Dependable Systems and Networks, June 2005.
6. N. L. Petroni, T. Fraser, J. Molina, and W. A. Arbaugh. Copilot - a Coprocessor-based Kernel Runtime Integrity Monitor. Proc. of the 13th USENIX Security Symposium, Aug. 2004.
7. N. L. Petroni, T. Fraser, A. Walters, and W. Arbaugh. An Architecture for Specification-Based Detection of Semantic Integrity Violations in Kernel Dynamic Data. Proc. of the 15th USENIX Security Symposium, Aug. 2006.
8. C. Kreibich and J. Crowcroft. Honeycomb – creating intrustion detection signatures using honeypots. In 2nd Workshop on Hot Topics in Network, 2003.

Malware Detection And Analysis Sandbox Apt Malwares.