Classification of Malware Using Visualisation of Similarity Matrices

Malicious software (malware) attacks are on the rise with the explosion of the Internet of Things (IoT) worldwide. With the proliferation of Big Data, using the various automatic approaches and techniques available to detect and capture malware thoroughly becomes a time-consuming process. Visualisation techniques can support the malware analysis process by helping with similarity comparison and summarisation of possible malware in such Big Data contexts. In this paper, we design a novel classification of malware using visualisation of similarity matrices. The prime motivation of our proposal is to detect unknown malware that undergoes innumerable obfuscations of extended x86 IA-32 opcodes in order to evade traditional detection methods. Overall, the high classification accuracy achieved with our proposed model can be observed visually, owing to the significant dissimilarity between the behaviour patterns exhibited by malware opcodes and those of benign opcodes.
