Visualization techniques for malware behavior analysis (2 June 2011)
Malware spread via the Internet is a great security threat, so studying its behavior is important for identifying and classifying it. Using SSDT hooking we can obtain malware behavior by running a sample in a controlled environment and capturing its interactions with the target operating system regarding file, process, registry, network and mutex activities. This generates a chain of events that can be compared with the chains of other known malware. In this paper we present a simple approach to convert malware behavior into activity graphs and show some visualization techniques that can be used to analyze malware behavior, individually or grouped.
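One way to realize the conversion from a captured event chain to an activity graph, and the comparison and grouping of samples that the abstract describes, as an added illustration that is not the authors' code: the edge construction, the Jaccard edge-set similarity, the greedy grouping and the sample event chains are all assumptions made here for the example.

```python
from typing import Dict, Iterable, List, Set, Tuple
Event = Tuple[str, str, str]  # (category, action, target) as logged by the monitor
Edge = Tuple[str, str]

def event_label(ev: Event) -> str:
    return "|".join(ev)

def activity_graph(events: Iterable[Event]) -> Set[Edge]:
    """One directed edge per consecutive pair of events in the captured chain."""
    labels = [event_label(e) for e in events]
    return set(zip(labels, labels[1:]))

def jaccard(a: Set[Edge], b: Set[Edge]) -> float:
    """Edge-set overlap: 1.0 for identical graphs, 0.0 for disjoint ones."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)

def group_samples(graphs: Dict[str, Set[Edge]], threshold: float) -> List[Set[str]]:
    """Greedy grouping: a sample joins the first group holding a similar graph."""
    groups: List[Set[str]] = []
    for name, graph in graphs.items():
        for group in groups:
            if any(jaccard(graph, graphs[other]) >= threshold for other in group):
                group.add(name)
                break
        else:
            groups.append({name})
    return groups

def to_dot(edges: Set[Edge], name: str) -> str:
    """Graphviz DOT text so the activity graph can be rendered and inspected."""
    body = "\n".join(f'  "{src}" -> "{dst}";' for src, dst in sorted(edges))
    return f'digraph "{name}" {{\n{body}\n}}'

# Constructed event chains (hypothetical values, not traces of real samples).
SAMPLE_A: List[Event] = [
    ("process", "create", "C:\\Windows\\explorer.exe"),
    ("file", "write", "C:\\Windows\\system32\\upd.dll"),
    ("registry", "set", "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"),
    ("mutex", "create", "Global\\sample-mutex"),
    ("network", "connect", "203.0.113.5:80"),
]
SAMPLE_B: List[Event] = SAMPLE_A[:3] + [("network", "connect", "198.51.100.7:443")]

if __name__ == "__main__":
    graphs = {"A": activity_graph(SAMPLE_A), "B": activity_graph(SAMPLE_B)}
    print(f"jaccard(A, B) = {jaccard(graphs['A'], graphs['B']):.2f}")  # 0.40
    print(group_samples(graphs, 0.3), group_samples(graphs, 0.5))
    print(to_dot(graphs["A"], "sample_A"))
```

Lowering the threshold merges samples that share only the start of their chain, so the value should be chosen against a corpus of already-labelled families before it is used for classification.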
© (2011) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
André R. A. Grégio and Rafael D. C. Santos, "Visualization techniques for malware behavior analysis", Proc. SPIE 8019, Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense X, 801905 (2 June 2011); doi: 10.1117/12.883441; https://doi.org/10.1117/12.883441