MalViz:用于跟踪恶意软件的交互式可视化工具

Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis Pub Date : 2018-07-12 DOI:10.1145/3213846.3229501

V. Nguyen, A. Namin, Tommy Dang

{"title":"MalViz:用于跟踪恶意软件的交互式可视化工具","authors":"V. Nguyen, A. Namin, Tommy Dang","doi":"10.1145/3213846.3229501","DOIUrl":null,"url":null,"abstract":"This demonstration paper introduces MalViz, a visual analytic tool for analyzing malware behavioral patterns through process monitoring events. The goals of this tool are: 1) to investigate the relationship and dependencies among processes interacted with a running malware over a certain period of time, 2) to support professional security experts in detecting and recognizing unusual signature-based patterns exhibited by a running malware, and 3) to help users identify infected system and users' libraries that the malware has reached and possibly tampered. A case study is conducted in a virtual machine environment with a sample of four malware programs. The result of the case study shows that the visualization tool offers a great support for experts in software and system analysis and digital forensics to profile and observe malicious behavior and further identify the traces of affected software artifacts.","PeriodicalId":20542,"journal":{"name":"Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis","volume":"43 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2018-07-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"13","resultStr":"{\"title\":\"MalViz: an interactive visualization tool for tracing malware\",\"authors\":\"V. Nguyen, A. Namin, Tommy Dang\",\"doi\":\"10.1145/3213846.3229501\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This demonstration paper introduces MalViz, a visual analytic tool for analyzing malware behavioral patterns through process monitoring events. The goals of this tool are: 1) to investigate the relationship and dependencies among processes interacted with a running malware over a certain period of time, 2) to support professional security experts in detecting and recognizing unusual signature-based patterns exhibited by a running malware, and 3) to help users identify infected system and users' libraries that the malware has reached and possibly tampered. A case study is conducted in a virtual machine environment with a sample of four malware programs. The result of the case study shows that the visualization tool offers a great support for experts in software and system analysis and digital forensics to profile and observe malicious behavior and further identify the traces of affected software artifacts.\",\"PeriodicalId\":20542,\"journal\":{\"name\":\"Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis\",\"volume\":\"43 1\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-07-12\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"13\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3213846.3229501\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3213846.3229501","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 13

摘要

本文介绍了MalViz，一个通过进程监控事件分析恶意软件行为模式的可视化分析工具。该工具的目标是:1)调查在一段时间内与正在运行的恶意软件交互的进程之间的关系和依赖关系;2)支持专业安全专家检测和识别正在运行的恶意软件所显示的不寻常的基于签名的模式;3)帮助用户识别恶意软件已经到达并可能被篡改的受感染系统和用户库。在虚拟机环境中，以四个恶意软件程序为例进行了案例研究。案例研究的结果表明，可视化工具为软件和系统分析以及数字取证专家提供了巨大的支持，以分析和观察恶意行为，并进一步识别受影响的软件工件的踪迹。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

MalViz: an interactive visualization tool for tracing malware

This demonstration paper introduces MalViz, a visual analytic tool for analyzing malware behavioral patterns through process monitoring events. The goals of this tool are: 1) to investigate the relationship and dependencies among processes interacted with a running malware over a certain period of time, 2) to support professional security experts in detecting and recognizing unusual signature-based patterns exhibited by a running malware, and 3) to help users identify infected system and users' libraries that the malware has reached and possibly tampered. A case study is conducted in a virtual machine environment with a sample of four malware programs. The result of the case study shows that the visualization tool offers a great support for experts in software and system analysis and digital forensics to profile and observe malicious behavior and further identify the traces of affected software artifacts.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis

自引率

0.00%

发文量