Experiments with Malware Visualization
Conference paper
Abstract
This paper proposes DotPlot visualizations [1,8] for comparing and clustering malware. We describe how to process and customize the malware memory images to get robust and scalable visualizations. We demonstrate the effectiveness of the visualizations for analysing, comparing and clustering malware.
Keywords
Code Fragment; Virtual Address; Diagonal Region; Memory Section; Scalable Visualization
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
- 1. Foote, J.: Visualizing Music and Audio using Self-Similarity. In: ACM Multimedia (1999)
- 2. Li, P., Liu, L., Gao, D., Reiter, M.K.: On Challenges in Evaluating Malware Clustering. In: Jha, S., Sommer, R., Kreibich, C. (eds.) RAID 2010. LNCS, vol. 6307, pp. 238–255. Springer, Heidelberg (2010)
- 3. Maizel, J.V., Lenk, R.P.: Enhanced Graphic Matrix Analysis of Nucleic Acid and Protein Sequences. National Acad. of Science (1981)
- 4. Nataraj, L., Karthikeyan, S., Jacob, G., Manjunath, B.S.: Malware Images: Visualization and Automatic Classification. In: VizSec (2011)
- 5. Panas, T.: Signature Visualization of Software Binaries. In: SoftVis (2008)
- 6. Quist, D.A., Liebrock, L.M.: Visualizing Compiled Executables for Malware Analysis. In: VizSec (2009)
- 7. Trinius, P., Holz, T., Gobel, J., Freiling, F.C.: Visual Analysis of Malware Behavior Using Treemaps and Thread Graphs. In: VizSec (2009)
- 8. Wu, Y., Yap, R.H.C., Halim, F.: Visualizing Windows System Traces. In: SoftVis (2010)
- 9. Ramnath, R., Sufatrio, Yap, R.H.C., Wu, Y.: WinResMon: A Tool for Discovering Software Dependencies, Configuration and Requirements in Windows. In: LISA (2006)
Copyright information
© Springer-Verlag Berlin Heidelberg 2013