Malware Behaviour Visualization

Authors

  • Syed Zainudeen Mohd Shaid, Department of Computer Science, Faculty of Computing, Universiti Teknologi Malaysia, 81310 UTM Johor Bahru, Johor, Malaysia
  • Mohd Aizaini Maarof, Department of Computer Science, Faculty of Computing, Universiti Teknologi Malaysia, 81310 UTM Johor Bahru, Johor, Malaysia

DOI:

https://doi.org/10.11113/jt.v70.3512

Keywords:

Malware, malware behaviour, malware visualization, malware behaviour visualization

Abstract

The number of unique malware variants released each year is on the rise. Researchers often need to use manual static and dynamic analysis to study new malware samples, and manual analysis takes time. The longer it takes to analyse a malware sample, the more damage that malware can inflict. Many techniques have been devised to facilitate malware analysis, and one of them is malware visualization. Malware visualization is a field that focuses on representing malware features in the form of visual cues or images, which can convey more information about a particular malware sample. Existing malware visualization techniques do not focus on visualizing malware behaviour in a way that enables better analysis of malware samples. In this paper, a new technique for malware visualization called ‘Malware Behaviour Image’ is presented. From the test results, the proposed technique is able to accurately capture and highlight the malicious behaviour of malware samples, and can be used for malware analysis, detection and identification of malware variants.

Published

2014-09-18

Section

Science and Engineering