This is an early access version, the complete PDF, HTML, and XML versions will be available soon.
Article

An Agent-Based Model of a Controlled Detonation System for Sandbox Analysis of Suspicious Software

1 Department of Technical Systems of Cyber Defense, State University of Information and Communication Technologies, 03110 Kyiv, Ukraine
2 Department of Software Engineering, University of the National Education Commission, 30-084 Krakow, Poland
3 Department of Cybersecurity, Ternopil Ivan Puluj National Technical University, 46001 Ternopil, Ukraine
4 ITSO GmbH, 10829 Berlin, Germany
* Author to whom correspondence should be addressed.
Electronics 2026, 15(11), 2348; https://doi.org/10.3390/electronics15112348
Submission received: 30 March 2026 / Revised: 26 May 2026 / Accepted: 26 May 2026 / Published: 28 May 2026

Abstract

In this paper, we present an agent-based model of a controlled detonation system for dynamic sandbox analysis of suspicious software. Instead of treating the sandbox as a passive observer, the model places an AI operator inside the analysis loop and allows it to perform adaptive GUI interactions in a plausible, isolated execution environment. The controlled detonation process is formulated as a partially observable Markov decision process (POMDP), while the proposed proof-of-concept architecture combines initial profiling, VM preparation, multi-layer telemetry, and an RL policy with visual perception and temporal memory. Evaluation in a controlled emulation setting on 180 malware samples from three threat classes shows higher Activity Rates and Coverage, and shorter Time-to-Reveal than passive and fixed scripted baselines. These results support the feasibility of adaptive interactions as a promising direction for sandbox analysis, while broader external validation, matched comparisons with prior systems, and component-wise ablation remain future work.
Keywords: sandbox analysis; dynamic malware analysis; AI agent; controlled detonation; VM Factory; telemetry; computer vision; cybersecurity; proximal policy optimization; reinforcement learning

Share and Cite

MDPI and ACS Style

Ivanchenko, Y.; Karpinski, M.; Ryzhakov, M.; Ivanchenko, I.; Mazurek, P.; Sawicki, P. An Agent-Based Model of a Controlled Detonation System for Sandbox Analysis of Suspicious Software. Electronics 2026, 15, 2348. https://doi.org/10.3390/electronics15112348
