Knowledge-Assisted Rule Building for Malware Analysis

Due to the increasing threat from malicious software (malware), monitoring vulnerable systems is becoming increasingly important, which includes the need to log and analyze activity on networks, individual computers, and mobile devices. Currently available tools for behavior-based malware analysis do not meet all of the experts' needs, such as selecting different rules, categorizing them by their task and storing them in a database, as well as manually adapting and/or tuning the rules identified. To close this gap, we designed CallNet, a knowledge-assisted visual analytics and rule-building tool for behavior-based malware analysis. The paper at hand is a design study that describes the design, a usage scenario, and the evaluation of a paper prototype. We report on the validation of CallNet through expert reviews, reflect on the insights gained from those reviews and, finally, discuss the advantages and disadvantages of the prototype design, including the visualization techniques applied.
