Title: A Bigram Supported Generic Knowledge-Assisted Malware Analysis System: BiG2-KAMAS
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Thür, N., M. Wagner, J. Schick, C. Niederer, J. Eckel, R. Luh, and W. Aigner
Conference Name: Proceedings of the 10th Forum Media Technology 2017
Date Published: 11/2017
Conference Location: St. Pölten
Keywords: behavior-based, Design Study, interactive, knowledge generation, malicious software, malware analysis, prototype, Visual analytics, Visualization
Abstract: Malicious software, short "malware", refers to software programs that are designed to cause damage or to perform unwanted actions on the infected computer system. Behavior-based analysis of malware typically utilizes tools that produce lengthy traces of observed events, which have to be analyzed manually or by means of individual scripts. Due to the growing amount of data extracted from malware samples, analysts are in need of an interactive tool that supports them in their exploration efforts. In this respect, the use of visual analytics methods and stored expert knowledge helps the user to speed up the exploration process and, furthermore, to improve the quality of the outcome. In this paper, the previously developed KAMAS prototype is extended with additional features such as the integration of a bi-gram based valuation approach to cover further malware analysts' needs. The result is a new prototype which was evaluated by two domain experts in a detailed user study.
Refereed Designation: Refereed