论文信息 - Supporting Knowledge-assisted Rule Creation in a Behavior-based Malware Analysis Prototype

Supporting Knowledge-assisted Rule Creation in a Behavior-based Malware Analysis Prototype

The ever increasing number of malicious software (malware) requires domain experts to shift their analysis process towards more individualized approaches to acquire more information about presently unknown malware samples. KAMAS is a knowledge-assisted visual analytics prototype for behavioral malware analysis, which allows IT-security experts to categorize and store potentially harmful system call sequences (rules) in a knowledge database. In order to meet the increasing demand for individualization of analysis processes, analysts have to be able to create individual rules. This paper is a visualization design study, which describes the design and implementation of a separate Rule Creation Area (RCA) into KAMAS and its evaluation by domain experts.It became clear that continuous integration of experts in interaction processes improves the analysis and knowledge generation mechanism of KAMAS. Additionally, the outcome of the evaluation revealed that there is a demand for adjustment and re-usage of already stored rules in the RCA.

[1] Robert Luh,et al. Malicious Behavior Patterns , 2014, 2014 IEEE 8th International Symposium on Service Oriented System Engineering.

[2] Min Chen,et al. Data, Information, and Knowledge in Visualization , 2009, IEEE Computer Graphics and Applications.

[3] William Ribarsky,et al. Defining and applying knowledge conversion processes to a visual analytics system , 2009, Comput. Graph..

[4] Michael G. Thomason,et al. Syntactic Pattern Recognition, An Introduction , 1978, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[5] Markus Wagner,et al. Knowledge-Assisted Rule Building for Malware Analysis , 2016 .

[6] Tamara Munzner,et al. Design Study Methodology: Reflections from the Trenches and the Stacks , 2012, IEEE Transactions on Visualization and Computer Graphics.

[7] Wolfgang Aigner,et al. A knowledge-assisted visual malware analysis system: Design, validation, and reflection of KAMAS , 2016, Comput. Secur..

[8] Daniel A. Keim,et al. Mastering the Information Age - Solving Problems with Visual Analytics , 2010 .

[9] Wolfgang Aigner,et al. Problem characterization and abstraction for visual analytics in behavior-based malware pattern analysis , 2014, VizSEC.

[10] Divya Bansal,et al. Malware Analysis and Classification: A Survey , 2014 .