Zero-Day Exploit Detection Using Behavior-Based Sandboxing and Threat Intelligence Fusion

Authors

  • Dipanjali Kundu, Independent Researcher

DOI:

https://doi.org/10.21590/t3yp2f56

Keywords:

zero-day exploits, sandboxing, threat intelligence fusion, IOC matching, behavior analysis, ransomware detection, APT, malware analysis, AlienVault OTX, hybrid detection

Abstract

Zero-day exploits pose one of the most persistent and damaging threats in modern cybersecurity due to their ability to evade traditional, signature-based detection mechanisms. These exploits take advantage of unknown vulnerabilities, often going undetected until significant damage has occurred. In this paper, we present a hybrid detection framework that integrates behavior-based sandbox analysis with external threat intelligence feeds to enhance the identification of zero-day malware. Using a virtualized Windows-based sandbox environment, we observe system-level behaviours such as registry modifications, file operations, process injections, and outbound network connections. A rule-based engine assigns severity scores to these activities, while a fusion module cross-references extracted indicators of compromise (IOCs) with curated threat intelligence repositories, including AlienVault OTX and Abuse.ch. Our dataset comprises 2,000 diverse malware samples, including advanced persistent threats (APTs) and ransomware variants, along with 500 clean executables for baseline comparison. The system achieves a 94.8% detection rate on previously unseen malware, outperforming multiple commercial antivirus engines. We present two case studies, one involving a zero-day ransomware strain and another a stealthy backdoor, to illustrate real-world detection failures by static methods and how our system successfully identifies the threats. This work underscores the necessity of behavior-driven detection combined with continuously updated threat intelligence and highlights a pathway toward resilient, next-generation threat defence platforms.
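As an added illustration of the hybrid scheme the abstract describes (this is not the paper's code or data): a rule engine scores sandbox events, a fusion step extracts IOCs from the event details and matches them against a local threat-intel set, and either signal alone is enough to flag a sample, which is how a zero-day with no known indicators still gets caught. The severity weights, indicator values, event trace and threshold are constructed placeholders.

```python
import re

# All rule weights, indicators and events below are constructed for this
# example; they are not the paper's rule set or its OTX/Abuse.ch data.
SEVERITY = {                 # sandbox event type -> severity score
    "registry_run_key": 3,   # persistence via a Run key
    "file_drop": 1,          # new executable written to disk
    "process_injection": 5,  # code injected into another process
    "file_encrypt_bulk": 5,  # mass file rewrite/rename (ransomware-like)
    "net_connect": 2,        # outbound connection
}
# Which IOC kinds are extracted from which event types (keeps matching precise)
IOC_SOURCES = {"net_connect": ("ip", "domain"), "file_drop": ("sha256",)}
IOC_PATTERNS = {
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
    "sha256": re.compile(r"\b[0-9a-f]{64}\b", re.I),
}
# Local mirror of threat-intel feeds (constructed placeholder indicators)
INTEL = {
    "ip": {"203.0.113.7"},
    "domain": {"update-checker.example"},
    "sha256": {"0123456789abcdef" * 4},
}

def score_behaviour(events):
    """Rule engine: sum the severity of every observed sandbox event."""
    return sum(SEVERITY.get(ev["type"], 0) for ev in events)

def extract_iocs(events):
    """Pull IOCs out of event details, only from event types that carry them."""
    found = {kind: set() for kind in IOC_PATTERNS}
    for ev in events:
        for kind in IOC_SOURCES.get(ev["type"], ()):
            found[kind].update(m.lower() for m in IOC_PATTERNS[kind].findall(ev["detail"]))
    return found

def fuse(events, intel=INTEL, threshold=6):
    """Fusion: flag if behaviour alone is severe enough OR any IOC is known-bad."""
    score = score_behaviour(events)
    hits = {k: sorted(v & intel.get(k, set())) for k, v in extract_iocs(events).items()}
    known_bad = any(hits.values())
    verdict = "malicious" if score >= threshold or known_bad else "clean"
    return {"behaviour_score": score, "intel_hits": hits, "verdict": verdict}

if __name__ == "__main__":
    # Constructed trace of a ransomware-like sample: persistence, injection,
    # bulk encryption and a beacon to a listed address.
    sample = [
        {"type": "registry_run_key", "detail": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"},
        {"type": "process_injection", "detail": "WriteProcessMemory -> explorer.exe"},
        {"type": "file_encrypt_bulk", "detail": "renamed 412 files to *.locked"},
        {"type": "net_connect", "detail": "tcp 203.0.113.7:443 (update-checker.example)"},
    ]
    print(fuse(sample))
```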


Published

2019-12-30

How to Cite

Kundu, D. (2019). Zero-Day Exploit Detection Using Behavior-Based Sandboxing and Threat Intelligence Fusion. International Journal of Technology, Management and Humanities, 5(4), 1-9. https://doi.org/10.21590/t3yp2f56
