short-paper

MalViz: an interactive visualization tool for tracing malware

Authors:

Vinh The Nguyen,

Akbar Siami Namin,

Tommy DangAuthors Info & Claims

ISSTA 2018: Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis

Pages 376 - 379

https://doi.org/10.1145/3213846.3229501

Published: 12 July 2018 Publication History

Abstract

This demonstration paper introduces MalViz, a visual analytic tool for analyzing malware behavioral patterns through process monitoring events. The goals of this tool are: 1) to investigate the relationship and dependencies among processes interacted with a running malware over a certain period of time, 2) to support professional security experts in detecting and recognizing unusual signature-based patterns exhibited by a running malware, and 3) to help users identify infected system and users' libraries that the malware has reached and possibly tampered. A case study is conducted in a virtual machine environment with a sample of four malware programs. The result of the case study shows that the visualization tool offers a great support for experts in software and system analysis and digital forensics to profile and observe malicious behavior and further identify the traces of affected software artifacts.

References

[1]

Moti Bani. 2016. Process Monitor for Dynamic Malware Analysis. https://blogs.technet.microsoft.com/motiba/2016/05/04/ process-monitor-for-dynamic-malware-analysis/.

[2]

Michael Bostock, Vadim Ogievetsky, and Jeffrey Heer. 2011. D3 Data-Driven Documents. IEEE Trans. Vis. Comput. Graph. 17, 12 (2011), 2301–2309.

Digital Library

[3]

New Jersey Cybersecurity Communications Integration Cell. 2017. NJRat. https: //www.cyber.nj.gov/threat-profiles/trojan-variants/njrat.

[4]

Tuan Nhon Dang, Nick Pendar, and Angus G. Forbes. 2016. TimeArcs: Visualizing Fluctuations in Dynamic Networks. Computer Graphics Forum (2016).

[5]

John Donahue, Anand Paturi, and Srinivas Mukkamala. 2013. Visualization techniques for efficient malware detection. In Intelligence and Security Informatics (ISI), 2013 IEEE International Conference on. IEEE, 289–291.

[6]

KyoungSoo Han, Jae Hyun Lim, and Eul Gyu Im. 2013. Malware analysis method using visualization of binary files. In Proceedings of the 2013 Research in Adaptive and Convergent Systems. ACM, 317–321.

Digital Library

[7]

Emi Kalita. 2017. WannaCry Ransomware Attack: Protect Yourself from WannaCry Ransomware Cyber Risk and Cyber War. Independently published.

Digital Library

[8]

Hyunjoo Kim, Jonghyun Kim, Youngsoo Kim, Ikkyun Kim, Kuinam J Kim, and Hyuncheol Kim. 2017. Improvement of malware detection and classification using API call sequence alignment and visualization. Cluster Computing (2017), 1–9.

[9]

Jihun Kim and Jonghee M Youn. 2017. Dynamic Analysis Bypassing Malware Detection Method Utilizing Malicious Behavior Visualization and Similarity. In Advanced Multimedia and Ubiquitous Engineering. Springer, 560–565.

[10]

Malwarebytes Labs. 2018. Ransom.Cerber - Malwarebytes Labs. https://blog. malwarebytes.com/detections/ransom-cerber/.

[11]

DongHwi Lee, In Soo Song, Kuinam J Kim, and Jun-hyeon Jeong. 2011. A study on malicious codes pattern analysis using visualization. In Information Science and Applications (ICISA), 2011 International Conference on. IEEE, 1–5.

Digital Library

[12]

MalwareTech. 2017. The Kelihos Botnet. https://www.malwaretech.com/2017/ 04/the-kelihos-botnet.html.

[13]

Michael Sikorski and Andrew Honig. 2012. Practical malware analysis: the handson guide to dissecting malicious software. no starch press.

Digital Library

[14]

Hispasec Sistemas. 2018. VirusTotal Public API v2.0. https://www.virustotal. com/en/documentation/public-api/ {Accessed date: Feb 14, 2018}.

[15]

Yuval tisf Nativ. 2016. theZoo aka Malware DB. http://thezoo.morirt.com/.

[16]

Markus Wagner, Fabian Fischer, Robert Luh, Andrea Haberson, Alexander Rind, Daniel A Keim, Wolfgang Aigner, R Borgo, F Ganovelli, and I Viola. 2015. A survey of visualization systems for malware analysis. In EG Conference on Visualization (EuroVis)-STARs. 105–125.

[17]

Markus Wagner, Alexander Rind, Niklas Thür, and Wolfgang Aigner. 2017. A knowledge-assisted visual malware analysis system: Design, validation, and reflection of KAMAS. computers & security 67 (2017), 1–15.

Digital Library

Cited By

Wu LJamonnak SYe XShaw SSaxena NChoi K(2024)Theoretical and Experimental Framework for Estimating Cyber Victimization Risk in a Hybrid Physical-Virtual WorldJournal of Applied Security Research10.1080/19361610.2024.2368969(1-25)Online publication date: 17-Jun-2024
https://doi.org/10.1080/19361610.2024.2368969
Zhou FFan YLv SJiang LChen ZYuan JHan FJiang HBai GZhao Y(2024)FCTree: Visualization of function calls in executionInformation and Software Technology10.1016/j.infsof.2024.107545175(107545)Online publication date: Nov-2024
https://doi.org/10.1016/j.infsof.2024.107545
Nguyen HAbri FPham VChatterjee MNamin ADang T(2022)MalView: Interactive Visual Analytics for Comprehending Malware BehaviorIEEE Access10.1109/ACCESS.2022.320778210(99909-99930)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3207782
Show More Cited By

Index Terms

MalViz: an interactive visualization tool for tracing malware
1. Computer systems organization
  1. Dependable and fault-tolerant systems and networks
    1. Redundancy
  2. Embedded and cyber-physical systems
    1. Embedded systems
    2. Robotics

Recommendations

Malware analysis method using visualization of binary files
RACS '13: Proceedings of the 2013 Research in Adaptive and Convergent Systems

Malware authors have been generating and disseminating malware variants through various ways, such as reusing modules or using automated malware generation tools. With the help of the malware generation techniques, the number of malware keeps increasing ...
Detecting trigger-based behaviors in botnet malware
RACS '15: Proceedings of the 2015 Conference on research in adaptive and convergent systems

Malware often hides malicious behaviors which are triggered when constraints are satisfied. The trigger-based behavior makes malware detection harder, and requires manual analysis. The number of daily submitted malware has been increasing, while the ...
Detecting environment-sensitive malware
RAID'11: Proceedings of the 14th international conference on Recent Advances in Intrusion Detection

The execution of malware in an instrumented sandbox is a widespread approach for the analysis of malicious code, largely because it sidesteps the difficulties involved in the static analysis of obfuscated code. As malware analysis sandboxes increase in ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ISSTA 2018: Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis

July 2018

379 pages

ISBN:9781450356992

DOI:10.1145/3213846

General Chair:
Frank Tip
Northeastern University, USA
,
Program Chair:
Eric Bodden
University of Paderborn, Germany / Fraunhofer IEM, Germany

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSOFT: ACM Special Interest Group on Software Engineering

In-Cooperation

SIGPLAN: ACM Special Interest Group on Programming Languages

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 12 July 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper

Conference

ISSTA '18

Sponsor:

SIGSOFT

ISSTA '18: International Symposium on Software Testing and Analysis

July 16 - 21, 2018

Amsterdam, Netherlands

Acceptance Rates

Overall Acceptance Rate 58 of 213 submissions, 27%

Upcoming Conference

ISSTA '25

Sponsor:
sigsoft

34th ACM SIGSOFT International Symposium on Software Testing and Analysis

June 25 - 28, 2025

Trondheim , Norway

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

10
Total Citations
View Citations
341
Total Downloads

Downloads (Last 12 months)11
Downloads (Last 6 weeks)0

Reflects downloads up to 08 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Wu LJamonnak SYe XShaw SSaxena NChoi K(2024)Theoretical and Experimental Framework for Estimating Cyber Victimization Risk in a Hybrid Physical-Virtual WorldJournal of Applied Security Research10.1080/19361610.2024.2368969(1-25)Online publication date: 17-Jun-2024
https://doi.org/10.1080/19361610.2024.2368969
Zhou FFan YLv SJiang LChen ZYuan JHan FJiang HBai GZhao Y(2024)FCTree: Visualization of function calls in executionInformation and Software Technology10.1016/j.infsof.2024.107545175(107545)Online publication date: Nov-2024
https://doi.org/10.1016/j.infsof.2024.107545
Nguyen HAbri FPham VChatterjee MNamin ADang T(2022)MalView: Interactive Visual Analytics for Comprehending Malware BehaviorIEEE Access10.1109/ACCESS.2022.320778210(99909-99930)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3207782
Nguyen VJung KGupta V(2021)Examining data visualization pitfalls in scientific publicationsVisual Computing for Industry, Biomedicine, and Art10.1186/s42492-021-00092-y4:1Online publication date: 29-Oct-2021
https://doi.org/10.1186/s42492-021-00092-y
Bohm FEnglbrecht LFriedl SPernul G(2021)Visual Decision-Support for Live Digital Forensics2021 IEEE Symposium on Visualization for Cyber Security (VizSec)10.1109/VizSec53666.2021.00012(58-67)Online publication date: Oct-2021
https://doi.org/10.1109/VizSec53666.2021.00012
Ullah FJavaid QSalam AAhmad MSarwar NShah DAbrar M(2020)Modified Decision Tree Technique for Ransomware Detection at Runtime through API CallsScientific Programming10.1155/2020/88458332020Online publication date: 1-Jan-2020
https://dl.acm.org/doi/10.1155/2020/8845833
Nguyen VJung KDang TBurch MWestenberg MNguyen QZhao Y(2020)Revisiting common pitfalls in graphical representations utilizing a case-based learning approachProceedings of the 13th International Symposium on Visual Information Communication and Interaction10.1145/3430036.3430071(1-5)Online publication date: 8-Dec-2020
https://dl.acm.org/doi/10.1145/3430036.3430071
Böhm FEnglbrecht LPernul G(2020)Designing a Decision-Support Visualization for Live Digital Forensic InvestigationsData and Applications Security and Privacy XXXIV10.1007/978-3-030-49669-2_13(223-240)Online publication date: 18-Jun-2020
https://doi.org/10.1007/978-3-030-49669-2_13
Chatterjee MNamin A(2019)Detecting Phishing Websites through Deep Reinforcement Learning2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC)10.1109/COMPSAC.2019.10211(227-232)Online publication date: Jul-2019
https://doi.org/10.1109/COMPSAC.2019.10211
Pham VDang T(2018)MTDES: Multi-dimensional Temporal Data Exploration System; Strong Support for Exploratory Analysis Award in VAST 2018, Mini-Challenge 22018 IEEE Conference on Visual Analytics Science and Technology (VAST)10.1109/VAST.2018.8802440(100-101)Online publication date: Oct-2018
https://doi.org/10.1109/VAST.2018.8802440

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten