Experiments with Malware Visualization

This paper proposes DotPlot visualizations [1,8] for comparing and clustering malware. We describe how to process and customize the malware memory images to get robust and scalable visualizations. We demonstrate the effectiveness of the visualizations for analysing, comparing and clustering malware.

[1] Roland H. C. Yap, et al. WinResMon: A Tool for Discovering Software Dependencies, Configuration, and Requirements in Microsoft Windows, 2006, LISA.

[2] Lorie M. Liebrock, et al. Visualizing compiled executables for malware analysis, 2009, 2009 6th International Workshop on Visualization for Cyber Security.

[3] Jonathan Foote, et al. Visualizing music and audio using self-similarity, 1999, MULTIMEDIA '99.

[4] Felix C. Freiling, et al. Visual analysis of malware behavior using treemaps and thread graphs, 2009, 2009 6th International Workshop on Visualization for Cyber Security.

[5] Roland H. C. Yap, et al. Visualizing windows system traces, 2010, SOFTVIS '10.

[6] Peng Li, et al. On Challenges in Evaluating Malware Clustering, 2010, RAID.

[7] J. Maizel, et al. Enhanced graphic matrix analysis of nucleic acid and protein sequences, 1981, Proceedings of the National Academy of Sciences of the United States of America.

[8] B. S. Manjunath, et al. Malware images: visualization and automatic classification, 2011, VizSec '11.

[9] Thomas Panas. Signature visualization of software binaries, 2008, SoftVis '08.