Title: Knowledge-Assisted Rule Building for Malware Analysis
Publication Type: Conference Paper
Year of Publication: 2016
Authors: Wagner, M., A. Rind, G. Rottermanner, C. Niederer, and W. Aigner
Conference Name: Proceedings of the 10th Forschungsforum der österreichischen Fachhochschulen
Publisher: FH des BFI Wien
Conference Location: Vienna, Austria
Keywords: behavior-based malware analysis, externalized knowledge, interaction, knowledge generation, knowledge-assisted, prior knowledge, prototyping, usability, user-centered design, visual analytics
Abstract: Due to the increasing threat from malicious software (malware), monitoring of vulnerable systems is becoming increasingly important, which includes the need to log and analyze activity across networks, individual computers, and mobile devices. Currently available tools for behavior-based malware analysis do not meet all experts' needs, such as selecting different rules, categorizing them by their task and storing them in a database, as well as manually adapting and/or tuning the rules found. To close this gap, we designed CallNet, a knowledge-assisted visual analytics and rule building tool for behavior-based malware analysis. The paper at hand is a design study which describes the design, a usage scenario, and the paper prototype evaluation. We report on the validation of CallNet by expert reviews, reflect on the insights gained from the reviews, and discuss the advantages and disadvantages of the prototype design, including the applied visualization techniques.
Refereed Designation: Refereed