DocumentCode :
3006061
Title :
Visual analysis of malware behavior using treemaps and thread graphs
Author :
Trinius, Philipp ; Holz, Thorsten ; Göbel, Jan ; Freiling, Felix C.
Author_Institution :
Lab. for Dependable Distrib. Syst., Univ. of Mannheim, Mannheim, Germany
fYear :
2009
fDate :
11-11 Oct. 2009
Firstpage :
33
Lastpage :
38
Abstract :
We study techniques to visualize the behavior of malicious software (malware). Our aim is to help human analysts to quickly assess and classify the nature of a new malware sample. Our techniques are based on a parametrized abstraction of detailed behavioral reports automatically generated by sandbox environments. We then explore two visualization techniques: treemaps and thread graphs. We argue that both techniques can effectively support a human analyst (a) in detecting maliciousness of software, and (b) in classifying malicious behavior.
Keywords :
data visualisation; invasive software; trees (mathematics); malicious software; malware; sandbox environments; thread graphs; treemaps; visual analysis; Data visualization; Displays; File systems; Humans; Information analysis; Invasive software; Laboratories; Performance analysis; Tree graphs; Yarn; Behavior Analysis; Information Visualization; Invasive Software;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Visualization for Cyber Security, 2009. VizSec 2009. 6th International Workshop on
Conference_Location :
Atlantic City, NJ
Print_ISBN :
978-1-4244-5413-6
Type :
conf
DOI :
10.1109/VIZSEC.2009.5375540
Filename :
5375540
Link To Document :