A Bigram Supported Generic Knowledge-Assisted Malware Analysis System: BiG2-KAMAS

Malicious software, or "malware" for short, is software designed to cause damage or to perform unwanted actions on the system it infects. Behavior-based malware analysis typically relies on tools that produce lengthy traces of observed events, which then have to be analyzed manually or with ad-hoc scripts. As the amount of data extracted from malware samples grows, analysts need an interactive tool that supports their exploration. Visual analytics methods combined with stored expert knowledge can speed up this exploration and improve the quality of its outcome. In this paper, the previously developed KAMAS prototype is extended with additional features, in particular a bi-gram based valuation approach, to cover further needs of malware analysts. The resulting prototype was evaluated by two domain experts in a detailed user study.
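The abstract mentions a bi-gram based valuation of behavior traces but does not say how bigrams are formed or scored. The following is an added, self-contained example, not code from the paper or from the KAMAS/BiG2-KAMAS prototype: it splits two constructed event traces into adjacent event pairs (bigrams), then values each bigram by a signed log-likelihood ratio (Dunning's G² statistic) that measures how strongly the pair is associated with the "malicious" trace relative to the "benign" one. The event names, the two traces, and the choice of LLR as the valuation function are all assumptions made for illustration.

```python
"""Bi-gram valuation over kernel event traces (illustrative example, not the paper's code)."""
import math
from collections import Counter
from typing import Dict, List, Tuple

Bigram = Tuple[str, str]

# Constructed sample traces: one event name per line, in observed order.
# Names and sequences are made up for this example (no real capture).
MALICIOUS_TRACE = """\
NtOpenProcess
NtAllocateVirtualMemory
NtWriteVirtualMemory
NtCreateThreadEx
NtOpenProcess
NtAllocateVirtualMemory
NtWriteVirtualMemory
NtCreateThreadEx
NtCreateFile
NtWriteFile
NtClose
"""

BENIGN_TRACE = """\
NtCreateFile
NtReadFile
NtClose
NtCreateFile
NtReadFile
NtClose
NtOpenProcess
NtQueryInformationProcess
NtClose
NtCreateFile
NtWriteFile
NtClose
"""


def parse_trace(text: str) -> List[str]:
    """Return the ordered event names of a trace, skipping blank and '#' lines."""
    return [ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]


def bigrams(events: List[str]) -> Counter:
    """Count adjacent event pairs; a trace of n events yields n-1 bigrams."""
    return Counter(zip(events, events[1:]))


def llr(k11: int, k12: int, k21: int, k22: int) -> float:
    """Dunning's log-likelihood ratio (G^2) for a 2x2 contingency table.

    k11: bigram count in the malicious trace, k12: in the benign trace,
    k21: all other bigrams in the malicious trace, k22: in the benign trace.
    The statistic is 0 when the bigram is independent of the trace label.
    """
    def h(*ks: int) -> float:
        n = sum(ks)
        return sum(k * math.log(k / n) for k in ks if k > 0)
    return 2 * (h(k11, k12, k21, k22) - h(k11 + k12, k21 + k22) - h(k11 + k21, k12 + k22))


def value_bigrams(malicious: Counter, benign: Counter) -> Dict[Bigram, float]:
    """Score every bigram seen in either trace; positive = associated with the
    malicious trace, negative = associated with the benign trace (assumed convention)."""
    n_mal, n_ben = sum(malicious.values()), sum(benign.values())
    scores: Dict[Bigram, float] = {}
    for bg in set(malicious) | set(benign):
        k11, k12 = malicious[bg], benign[bg]
        score = llr(k11, k12, n_mal - k11, n_ben - k12)
        if n_mal and n_ben and k11 / n_mal < k12 / n_ben:
            score = -score  # relative frequency is higher in the benign trace
        scores[bg] = score
    return scores


def analyze(malicious_text: str, benign_text: str) -> Dict[Bigram, float]:
    """Full pipeline: parse both traces, build bigrams, and value them."""
    return value_bigrams(bigrams(parse_trace(malicious_text)),
                         bigrams(parse_trace(benign_text)))


def rank(scores: Dict[Bigram, float], top: int = 5) -> List[Tuple[Bigram, float]]:
    """Highest-valued bigrams first, i.e. the pairs most specific to the malicious trace."""
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)[:top]


if __name__ == "__main__":
    for (a, b), s in rank(analyze(MALICIOUS_TRACE, BENIGN_TRACE)):
        print(f"{s:7.3f}  {a} -> {b}")
```

On the constructed input, the three bigrams of the repeated open-allocate-write-create-thread sequence rank at the top with equal positive scores, the file-read bigrams of the benign trace score negative, and pairs that occur once in each trace (create-file followed by write-file) score close to zero, which is the behavior a valuation step needs before an analyst inspects the ranked list.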
