A Survey of Visualization Systems for Malware Analysis

Due to the increasing threat from malicious software (malware), monitoring of vulnerable systems is becoming increasingly important. The need to log and analyze activity encompasses networks, individual computers, and mobile devices. While various automatic approaches and techniques are available to detect, identify, or capture malware, the actual analysis of the ever-increasing number of suspicious samples is a time-consuming process for malware analysts. The use of visualization and highly interactive visual analytics systems can help to support this analysis process with respect to investigation, comparison, and summarization of malware samples. Currently, no survey reviews the visualization systems that support this important and emerging field. We provide a systematic overview and categorization of malware visualization systems from the perspective of visual analytics. Additionally, we identify and evaluate data providers and commercial tools that produce meaningful input data for the reviewed malware visualization systems. This helps to reveal data types that are currently underrepresented, enabling new research opportunities in the visualization community.
