Skip to main content
SpringerLink
Log in

Interactive, Visual-Aided Tools to Analyze Malware Behavior

  • Conference paper
Computational Science and Its Applications – ICCSA 2012 (ICCSA 2012)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 7336))

Included in the following conference series:

Abstract

Malicious software attacks can disrupt information systems, violating security principles of availability, confidentiality and integrity. Attackers use malware to gain control, steal data, keep access and cover traces left on the compromised systems. The dynamic analysis of malware is useful to obtain an execution trace that can be used to assess the extent of an attack, to do incident response and to point to adequate counter-measures. An analysis of the captured malware can provide analysts with information about its behavior, allowing them to review the malicious actions performed during its execution on the target. The behavioral data gathered during the analysis consists of filesystem and network activity traces; a security analyst would have a hard time sieving through a maze of textual event data in search of relevant information. We present a behavioral event visualization framework that allows for an easier realization of the malicious chain of events and for quickly spotting interesting actions performed during a security compromise. Also, we analyzed more than 400 malware samples from different families and showed that they can be classified based on their visual signature. Finally, we distribute one of our tools to be freely used by the community.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Buehlmann, S., Liebchen, C.: Joebox: a secure sandbox application for windows to analyse the behaviour of malware, http://www.joebox.org

  2. Clam antivirus, http://www.clamav.net

  3. Conti, G., Dean, E., Sinda, M., Sangster, B.: Visual Reverse Engineering of Binary and Data Files. In: Goodall, J.R., Conti, G., Ma, K.-L. (eds.) VizSec 2008. LNCS, vol. 5210, pp. 1–17. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  4. Eick, S.G., Steffen, J.L., Sumner Jr., E.E.: Seesoft—A Tool for Visualizing Line Oriented Software Statistics. IEEE Transactions on Software Engineering 18(11), 957–968 (1992)

    Article  Google Scholar 

  5. Grégio, A.R.A., Oliveira, I.L., dos Santos, R.D.C., Cansian, A.M., de Geus, P.L.: Malware distributed collection and pre-classification system using honeypot technology. In: Proceedings of SPIE, vol. 7344, pp. 73440B–73440B-10 (2009)

    Google Scholar 

  6. Grégio, A.R.A., Fernandes Filho, D.S., Afonso, V.M., dos Santos, R.D.C., Jino, M., de Geus, P.L.: Behavioral analysis of malicious code through network traffic and system call monitoring. In: Proceedings of SPIE, vol. 8059, pp. 80590O–80590O-10 (2011)

    Google Scholar 

  7. The Honeynet Project. Dionaea, http://dionaea.carnivore.it

  8. Kruegel, C., Kirda, E., Bayer, U.: Ttanalyze: A tool for analyzing malware. In: Proceedings of the 15th European Institute for Computer Antivirus Research (EICAR 2006) Annual Conference (2006)

    Google Scholar 

  9. MBS Tool. Malicious Behavior’s Spiral - Beta version, http://www.las.ic.unicamp.br/~gregio/mbs

  10. Provos, N., Holz, T.: Virtual Honeypots: from botnet tracking to intrusion detection. Addison-Wesley Professional (2007)

    Google Scholar 

  11. Provos, N.: Honeyd - A Virtual Honeypot Daemon. In: 10th DFNCERT Workshop (2003)

    Google Scholar 

  12. Quist, D., Liebrock, L.: Visualizing Compiled Executables for Malware Analysis. In: Proceedings of the Workshop on Visualization for Cyber Security, pp. 27–32 (2009)

    Google Scholar 

  13. Read, H., Xynos, K., Blyth, A.: Presenting DEViSE: Data Exchange for Visualizing Security Events. IEEE Computer Graphics and Applications 29, 6–11 (2009)

    Article  Google Scholar 

  14. ThreatExpert, http://www.threatexpert.com

  15. Trinius, P., Holz, T., Gobel, J., Freiling, F.C.: Visual analysis of malware behavior using treemaps and thread graphs. In: International Workshop on Visualization for Cyber Security(VizSec), pp. 33–38 (2009)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Renato Archer IT Research Center (CTI/MCT), Campinas, SP, Brazil

    André Ricardo Abed Grégio

  2. University of Campinas (Unicamp), Campinas, SP, Brazil

    André Ricardo Abed Grégio, Alexandre Or Cansian Baruque, Vitor Monte Afonso, Dario Simões Fernandes Filho, Paulo Lício de Geus & Mario Jino

  3. Brazilian Institute, Space Research (INPE/MCT), S. J. dos Campos, SP, Brazil

    Rafael Duarte Coelho dos Santos

Authors
  1. André Ricardo Abed Grégio
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Alexandre Or Cansian Baruque
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Vitor Monte Afonso
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Dario Simões Fernandes Filho
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Paulo Lício de Geus
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Mario Jino
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Rafael Duarte Coelho dos Santos
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Laboratory of Urban and Territorial Systems, University of Basilicata, 10, Viale dell’Ateneo Lucano, 85100, Potenza, Italy

    Beniamino Murgante

  2. Department of Mathematics and Computer Science, University of Perugia, Via Vanvitelli 1, 06123, Perugia, Italy

    Osvaldo Gervasi

  3. Department of Cyber Security Science, Federal University of Technology, Gidan Kwano Campus, Minna, Nigeria

    Sanjay Misra

  4. Faculty of Engineering, Department of Electronics Engineering and Telecommunications, State University of Rio de Janeiro, Rua Sao Francisco Xavier, 524, 50. andar, sala 5145-F, Maracana, 20, 550-013, Rio de Janeiro, RJ, Brazil

    Nadia Nedjah

  5. Department of Production and Systems, University of Minho, Campus de Gualtar, 4710-057, Braga, Portugal

    Ana Maria A. C. Rocha

  6. School of Business Systems, Monash University, 3800, Clayton, VIC, Australia

    David Taniar

  7. Department of Intelligent Informatics, Kyushu Sangyo University, 2-3-1 Matsukadai, Higashi-ku, 813-8503, Fukuoka, Japan

    Bernady O. Apduhan

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Grégio, A.R.A. et al. (2012). Interactive, Visual-Aided Tools to Analyze Malware Behavior. In: Murgante, B., et al. Computational Science and Its Applications – ICCSA 2012. ICCSA 2012. Lecture Notes in Computer Science, vol 7336. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31128-4_22

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-31128-4_22

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-31127-7

  • Online ISBN: 978-3-642-31128-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation