MalViz: an interactive visualization tool for tracing malware

This demonstration paper introduces MalViz, a visual analytic tool for analyzing malware behavioral patterns through process monitoring events. The goals of this tool are: 1) to investigate the relationship and dependencies among processes interacted with a running malware over a certain period of time, 2) to support professional security experts in detecting and recognizing unusual signature-based patterns exhibited by a running malware, and 3) to help users identify infected system and users' libraries that the malware has reached and possibly tampered. A case study is conducted in a virtual machine environment with a sample of four malware programs. The result of the case study shows that the visualization tool offers a great support for experts in software and system analysis and digital forensics to profile and observe malicious behavior and further identify the traces of affected software artifacts.

[1]  Daniel A. Keim,et al.  A Survey of Visualization Systems for Malware Analysis , 2015, EuroVis.

[2]  Jihun Kim,et al.  Dynamic Analysis Bypassing Malware Detection Method Utilizing Malicious Behavior Visualization and Similarity , 2017, MUE/FutureTech.

[3]  Angus Graeme Forbes,et al.  TimeArcs: Visualizing Fluctuations in Dynamic Networks , 2016, Comput. Graph. Forum.

[4]  Srinivas Mukkamala,et al.  Visualization techniques for efficient malware detection , 2013, 2013 IEEE International Conference on Intelligence and Security Informatics.

[5]  Wolfgang Aigner,et al.  A knowledge-assisted visual malware analysis system: Design, validation, and reflection of KAMAS , 2016, Comput. Secur..

[6]  Martin Wattenberg Baby names, visualization, and social data analysis , 2005, IEEE Symposium on Information Visualization, 2005. INFOVIS 2005..

[7]  Jeffrey Heer,et al.  SpanningAspectRatioBank Easing FunctionS ArrayIn ColorIn Date Interpolator MatrixInterpola NumObjecPointI Rectang ISchedu Parallel Pause Scheduler Sequen Transition Transitioner Transiti Tween Co DelimGraphMLCon IData JSONCon DataField DataSc Dat DataSource Data DataUtil DirtySprite LineS RectSprite , 2011 .

[8]  Kuinam J. Kim,et al.  A Study on Malicious Codes Pattern Analysis Using Visualization , 2011, 2011 International Conference on Information Science and Applications.

[9]  Eul Gyu Im,et al.  Malware analysis method using visualization of binary files , 2013, RACS.

[10]  Dimitris Gritzalis,et al.  Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software , 2012, Comput. Secur..

[11]  Andrew Honig,et al.  Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software , 2012 .

[12]  Jeffrey Heer,et al.  D³ Data-Driven Documents , 2011, IEEE Transactions on Visualization and Computer Graphics.

[13]  Emi Kalita WannaCry Ransomware Attack: Protect yourself from WannaCry Ransomware: Cyber Risk and Cyber War , 2017 .

[14]  Jonghyun Kim,et al.  Improvement of malware detection and classification using API call sequence alignment and visualization , 2017, Cluster Computing.