Visualization techniques for malware behavior analysis (2 June 2011)
Malware spread via the Internet is a major security threat, so studying its behavior is important for identifying and classifying it. Using SSDT hooking, malware behavior can be captured by running a sample in a controlled environment and recording its interactions with the target operating system: file, process, registry, network and mutex activity. This yields a chain of events that can be compared with the chains of other known malware. In this paper we present a simple approach for converting malware behavior into activity graphs and show some visualization techniques that can be used to analyze malware behavior, individually or in groups.
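The pipeline the abstract sketches (event chain from a sandbox run, conversion to an activity graph, comparison against known samples, grouped view of a family) is illustrated below. This is an added example and not the paper's code or method: the (category, operation, target) trace format, the normalisation rules, the successor-edge graph and the Jaccard similarity are all assumptions chosen for the illustration, and the three traces are constructed, not captured. One practical caveat: SSDT hooking only works on 32-bit Windows kernels; Kernel Patch Protection on x64 prevents it, so a modern sandbox would feed the same kind of trace from other instrumentation.

```python
"""Activity graphs from sandbox behaviour traces.

Added illustration of the abstract's pipeline (event chain -> activity
graph -> comparison -> grouped view); not the paper's code.  The trace
format, normalisation rules and Jaccard similarity are assumptions.
"""
import ntpath
from collections import Counter

# Constructed traces in (category, operation, target) form, capture order.
SAMPLE_A = [
    ("file", "create", r"C:\Windows\svchost32.exe"),
    ("file", "write", r"C:\Windows\svchost32.exe"),
    ("registry", "set", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\svc"),
    ("process", "create", r"C:\Windows\svchost32.exe"),
    ("mutex", "create", r"Global\x_mutex"),
    ("network", "connect", "203.0.113.5:8080"),
]
# Variant of A: other file names, C2 address and mutex, plus self-deletion.
SAMPLE_B = [
    ("file", "create", r"C:\Windows\Temp\qzx.exe"),
    ("file", "write", r"C:\Windows\Temp\qzx.exe"),
    ("registry", "set", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\qzx"),
    ("process", "create", r"C:\Windows\Temp\qzx.exe"),
    ("mutex", "create", r"Global\qzx"),
    ("network", "connect", "198.51.100.7:8080"),
    ("file", "delete", r"C:\Users\victim\dropper.exe"),
]
# Unrelated installer-like trace (constructed).
SAMPLE_C = [
    ("file", "create", r"C:\Program Files\App\app.exe"),
    ("registry", "set", r"HKLM\Software\App\Version"),
    ("process", "create", r"C:\Program Files\App\app.exe"),
]


def normalize(category, operation, target):
    """Map one raw event to a node label.

    Volatile details (random file names, C2 addresses, mutex names) are
    collapsed so that two runs of the same family yield comparable graphs.
    """
    if category in ("file", "process"):
        detail = ntpath.splitext(target)[1].lower() or "<noext>"
    elif category == "registry":
        detail = target.rsplit("\\", 1)[0].lower()   # key path, drop value name
    elif category == "network":
        detail = "port:" + target.rsplit(":", 1)[1]  # keep port, drop address
    elif category == "mutex":
        detail = "<any>"
    else:
        detail = target
    return f"{category}:{operation}:{detail}"


def build_activity_graph(events):
    """Nodes are normalised events; an edge links each event to its successor."""
    labels = [normalize(*e) for e in events]
    return set(labels), set(zip(labels, labels[1:]))


def jaccard(a, b):
    return len(a & b) / len(a | b) if (a | b) else 1.0


def similarity(events_a, events_b):
    """Edge-set Jaccard similarity between two samples' activity graphs."""
    _, ea = build_activity_graph(events_a)
    _, eb = build_activity_graph(events_b)
    return jaccard(ea, eb)


def family_core(samples, min_fraction=1.0):
    """Edges present in at least min_fraction of the samples (grouped view)."""
    counts = Counter()
    for s in samples:
        counts.update(build_activity_graph(s)[1])
    needed = min_fraction * len(samples)
    return {e for e, c in counts.items() if c >= needed}


def to_dot(nodes, edges, name="sample"):
    """Graphviz DOT text; render with `dot -Tpng` to inspect the graph."""
    q = lambda s: '"' + s.replace("\\", "\\\\") + '"'
    out = [f"digraph {q(name)} {{", "  rankdir=LR;"]
    out += [f"  {q(n)};" for n in sorted(nodes)]
    out += [f"  {q(a)} -> {q(b)};" for a, b in sorted(edges)]
    out.append("}")
    return "\n".join(out)


if __name__ == "__main__":
    print(f"A vs B: {similarity(SAMPLE_A, SAMPLE_B):.2f}")  # 0.83
    print(f"A vs C: {similarity(SAMPLE_A, SAMPLE_C):.2f}")  # 0.00
    print(to_dot(*build_activity_graph(SAMPLE_A), name="A"))
```

The normalisation step is where most of the judgement lives: without it, a dropper that randomises its file name and rotates C2 addresses produces a different graph on every run, and the comparison degrades to exact matching. Lowering `min_fraction` in `family_core` widens the grouped graph from the edges every member shares to the edges most members share, which is the usual trade-off between a tight family signature and coverage of variants.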
© (2011) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
André R. A. Grégio and Rafael D. C. Santos, "Visualization techniques for malware behavior analysis", Proc. SPIE 8019, Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense X, 801905 (2 June 2011); doi: 10.1117/12.883441; https://doi.org/10.1117/12.883441