Title: Supporting Knowledge-assisted Rule Creation in a Behavior-based Malware Analysis Prototype
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Schick, J., M. Wagner, N. Thür, C. Niederer, G. Rottermanner, P. Tavolato, and W. Aigner
Conference Name: Poster of the 14th Workshop on Visualization for Cyber Security (VizSec)
Date Published: 10/2017
Conference Location: Phoenix, Arizona, USA
Keywords: explicit knowledge, information visualization, Knowledge-assisted Visualization, User-Centered Design, Visual analytics
Abstract: The ever-increasing number of malicious software (malware) samples requires domain experts to shift their analysis process towards more individualized approaches in order to acquire more information about presently unknown malware samples. KAMAS is a knowledge-assisted visual analytics prototype for behavioral malware analysis, which allows IT-security experts to categorize and store potentially harmful system call sequences (rules) in a knowledge database. In order to meet the increasing demand for individualization of analysis processes, analysts have to be able to create individual rules. This paper is a visualization design study which describes the design and implementation of a separate Rule Creation Area (RCA) within KAMAS and its evaluation by domain experts. It became clear that the continuous involvement of experts in the interaction processes improves the analysis and knowledge generation mechanism of KAMAS. Additionally, the outcome of the evaluation revealed a demand for adjusting and re-using already stored rules in the RCA.
Refereed Designation: Refereed