Comparative Analysis of Malware Behavior in Hardware and Virtual Sandboxes

Malicious software, or malware, continues to be a pervasive threat to computer systems and networks worldwide. As malware constantly evolves and becomes more sophisticated, it is crucial to develop effective methods for its detection and analysis. Sandboxing technology has emerged as a valuable tool in the field of cybersecurity, allowing researchers to safely execute and observe malware behavior in controlled environments. This thesis presents a comprehensive investigation into the behavior of malware samples when executed in both hardware and virtual sandboxes. The primary objective is to assess the effectiveness of hardware sandboxing in capturing and analyzing malware behaviors compared to traditional virtual sandboxes. The research methodology involves the execution of various malware samples in both hardware and virtual sandboxes, followed by the analysis of key parameters, including memory changes, file system logs, and network traffic. By comparing the results obtained from the two sandboxing approaches, this study aims to provide insights into the advantages and limitations of each method. Furthermore, the research delves into the potential evasion techniques employed by malware to bypass detection in either sandboxing environment. Identifying such evasion strategies is vital for enhancing the overall security posture and developing more robust defense mechanisms against evolving malware threats. The findings of this research contribute to the field of cybersecurity by shedding light on the strengths and weaknesses of hardware and virtual sandboxes for malware analysis. Ultimately, this work serves as a valuable resource for security practitioners and researchers seeking to improve malware detection and analysis techniques in the ever-evolving landscape of cybersecurity threats.