Title: Visual Analytics: Foundations and Experiences in Malware Analysis
Publication Type: Book Chapter
Year of Publication: In Press
Authors: Wagner, M., D. Sacha, A. Rind, F. Fischer, R. Luh, S. Schrittwieser, D. A. Keim, and W. Aigner
Editors: Ben Othmane, L., M. Gilje Jaatun, and E. Weippl
Book Title: Empirical Research for Software Security: Foundations and Experience
Publisher: CRC/Taylor and Francis
Keywords: data, interaction, knowledge generation, malware analysis, model, visual analytics, visualization
Abstract: This chapter starts by providing some background in behavior-based malware analysis. Subsequently, it introduces VA and its main components based on the knowledge generation model for VA (Sacha et al., 2014). Then, it demonstrates the applicability of VA in this subfield of software security with three projects that illustrate practical experience with VA methods: MalwareVis (Zhuo et al., 2012) supports network forensics and malware analysis by visually assessing TCP and DNS network streams. SEEM (Gove et al., 2014) allows visual comparison of multiple large attribute sets of malware samples, thereby enabling bulk classification. KAMAS (Wagner et al., 2017) is a knowledge-assisted visualization system for behavior-based malware forensics based on API call and system call traces. Future directions in visual analytics for malware analysis conclude the chapter.
Refereed Designation: Refereed