Rule Creation in a Knowledge-assisted Visual Analytics Prototype for Malware Analysis

The increasing number of malicious software (malware) samples requires domain experts to shift their analysis process towards more individualized approaches in order to acquire more information about unknown samples. KAMAS is a knowledge-assisted visual analytics prototype for behavioral malware analysis. It allows IT-security experts to categorize and store potentially harmful system call sequences (rules) in a knowledge database. To meet the increasing demand for individualized analysis processes, analysts should be able to create their own rules. This paper is a visualization design study that describes the design and implementation of a Rule Creation Area (RCA) in KAMAS and its evaluation by domain experts. The evaluation showed that continuously involving experts in the interaction processes improves the knowledge generation mechanism of KAMAS. It also revealed a demand for adjusting and re-using already stored rules in the RCA.
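As an added illustration of the rule concept in the abstract (a rule being a categorized system call sequence kept in a knowledge database, with the option to derive a new rule from a stored one), the following Python is not KAMAS code and does not reproduce its data model. It assumes that a rule is a contiguous, ordered sequence of system call names and that matching means finding every contiguous occurrence of a stored rule in a trace; the rule names, categories, call names and the trace are all constructed for the example.

```python
"""Hypothetical rule store for system-call-sequence rules (added illustration,
not KAMAS code). A rule is an ordered system call sequence with an
analyst-assigned category; matching finds every place a stored rule occurs
contiguously in a trace, and derive() builds a new rule from a stored one."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    category: str           # analyst-assigned label, e.g. "malicious"
    calls: Tuple[str, ...]  # ordered system call names forming the rule


class KnowledgeBase:
    """Stores analyst-created rules and matches them against traces."""

    def __init__(self) -> None:
        self._rules: Dict[str, Rule] = {}

    def add(self, rule: Rule) -> None:
        if not rule.calls:
            raise ValueError("a rule needs at least one system call")
        if rule.name in self._rules:
            raise KeyError(f"rule {rule.name!r} already stored")
        self._rules[rule.name] = rule

    def get(self, name: str) -> Rule:
        return self._rules[name]

    def derive(self, base: str, name: str, *, category: Optional[str] = None,
               calls: Optional[Sequence[str]] = None) -> Rule:
        """Re-use a stored rule as the starting point for a new one; fields
        not given are copied from the base rule (adjustment and re-usage)."""
        old = self._rules[base]
        new = Rule(name, category or old.category,
                   tuple(calls) if calls is not None else old.calls)
        self.add(new)
        return new

    def match(self, trace: Sequence[str]) -> List[Tuple[str, int]]:
        """Return (rule name, start offset) for every contiguous occurrence
        of a stored rule in the trace, sorted by offset and then by name."""
        hits: List[Tuple[str, int]] = []
        for rule in self._rules.values():
            n = len(rule.calls)
            for i in range(len(trace) - n + 1):
                if tuple(trace[i:i + n]) == rule.calls:
                    hits.append((rule.name, i))
        return sorted(hits, key=lambda h: (h[1], h[0]))


def demo() -> List[Tuple[str, int]]:
    kb = KnowledgeBase()
    # Constructed rule: map a region, make it executable, start a thread in it.
    kb.add(Rule("inject-exec", "malicious",
                ("mmap", "mprotect", "create_thread")))
    # Adjusted copy of the stored rule: the same behaviour preceded by a file read.
    kb.derive("inject-exec", "inject-exec-from-file",
              calls=("open", "read", "mmap", "mprotect", "create_thread"))
    # Constructed sample trace, not a real capture.
    trace = ["open", "read", "mmap", "mprotect", "create_thread",
             "close", "mmap", "mprotect", "create_thread", "exit"]
    return kb.match(trace)


if __name__ == "__main__":
    for name, offset in demo():
        print(f"{name} matched at offset {offset}")
```

Both the original rule and the derived one report every occurrence, so a longer derived rule does not suppress hits of the shorter rule it was built from; whether an analyst wants that overlap reported or collapsed is a design decision the abstract leaves open.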
