TitleRule Creation in a Knowledge-assisted Visual Analytics Prototype for Malware Analysis
Publication TypeConference Paper
Year of PublicationIn Press
AuthorsSchick, J., M. Wagner, N. Thür, C. Niederer, G. Rottermanner, P. Tavolato, and W. Aigner
Conference NameProceedings of the 10th Forum Media Technology 2017
Date Published11/2017
PublisherCEUR-WS
Conference LocationSt. Pölten
Keywordsbehavior-based, Design Study, interactive, knowledge generation, malicious software, malware analysis, prototype, Visual analytics, Visualization
AbstractThe increasing number of malicious software (malware) requires domain experts to shift their analysis process towards more individualized approaches to acquire more information about unknown malware samples. KAMAS is a knowledge-assisted visual analytics prototype for behavioral malware analysis. It allows IT-security experts to categorize and store potentially harmful system call sequences (rules) in a knowledge database. To meet the increasing demand for individualization of analysis processes, analysts should be able to create individual rules. This paper is a visualization design study, which describes the design and implementation of a Rule Creation Area (RCA) into KAMAS and its evaluation by domain experts. It became clear that continuous integration of experts in interaction processes improves the knowledge generation mechanism of KAMAS. Additionally, the outcome of the evaluation revealed that there is a demand for adjustment and re-usage of already stored rules in the RCA.
URLhttp://mc.fhstp.ac.at/sites/default/files/publications/Schick_RuleCreation_2017.pdf
Refereed DesignationRefereed