Analysis of Feature Categories for Malware Visualization

Ganthan Narayana Samy, Pritheega Magalingam, Aswami Fadillah Mohd Ariffin, Wafa Mohd Khairudin, Mohamad Firham Efendy Md Senan, Zahri Hj Yunos

Abstract


It is important to know which features are more effective for certain visualization types. Furthermore, selecting an appropriate visualization tool plays a key role in descriptive, diagnostic, predictive and prescriptive analytics. Moreover, analyzing the activities of malicious scripts or codes is dependent on the extracted features. In this paper, the authors focused on reviewing and classifying the most common extracted features that have been used for malware visualization based on specified categories. This study examines the features categories and its usefulness for effective malware visualization. Additionally, it focuses on the common extracted features that have been used in the malware visualization domain. Therefore, the conducted literature review finding revealed that the features could be categorized into four main categories, namely, static, dynamic, hybrid, and application metadata. The contribution of this research paper is about feature selection for illustrating which features are effective with which visualization tools for malware visualization.

Keywords


Features; Malware; Malware Visualization; Visualization Tools;

Full Text:

PDF

References


H. Shiravi, A. Shiravi, and A. A. Ghorbani, "A survey of visualization systems for network security", IEEE Transactions on visualization and computer graphics, vol. 18, pp. 1313-1329, Aug. 2012.

A. Shabtai, D. Potashnik, Y. Fledel, R.Moskovitch and Y. Elovici, "Monitoring, analysis, and filtering system for purifying network traffic of known and unknown malicious content," Security and Communication Networks, vol. 4, 8, pp. 947-965, Aug. 2011.

A.R., Mohd Faizal, A., Nor Badrul, S., Rosli, and F., Ahmad Firdaus, "The rise of malware," Network and Computer Applications. J., vol. 75, pp. 58-76, Nov. 2016.

M. Wagner, A.Rind, N.Thur and W. Aigner, "A knowledge-assisted visual malware analysis system: Design, validation, and reflection of KAMAS," Computers & Security, vol. 67, pp. 1-15, June. 2017.

A. Feizollah, N. B. Anuar, R. SallehMarch 201, and A.W.A.Wahab, "A review on feature selection in mobile malware detection," Digital Investigation, vol. 13, pp. 22-37, June. 2015.

J. Kim, and J. M. Youn, "Dynamic Analysis Bypassing Malware Detection Method Utilizing Malicious Behavior Visualization and Similarity," In Conf. International Conference on Multimedia and Ubiquitous Engineering(MUE 2017), Seoul, 2017, pp. 560-565.

Sophos Ltd, SophosLabs 2018 Malware Forecast. Oxford, UK: Abingdon Science Park, 2017.

S. Z. M. Shaid and M.A. Maarof, "Malware behavior image for malware variant identification," in Conf. International Symposium on Biometrics and Security Technologies (ISBAST), Kuala Lumpur, 2014, pp. 238-243.

K. Han, J.H. Lim and E,G. Im, "Malware analysis method using visualization of binary files," in Proc. Research in Adaptive and Convergent Systems, Quebec, 2013, pp. 317-321.

V. Sitalakshmi, and A. Mamoun, " Classification of Malware Using Visualisation of Similarity Matrices," In Conf. 2017 Cybersecurity and Cyberforensics Conference (CCC), London, 2017, pp.3-8.

P. Burnap, R. French, F. Turner and K. Jones, "Malware classification using self organising feature maps and machine activity data," Computers & Security, vol. 73, pp. 399-410, March. 2018.

Z. U. Rehman, N.K Sidra, M. Khan, J. W. Lee, M. "Machine learningassisted signature and heuristic-based detection of malwares in Android devices," Computers and Electrical Engineering.,

Z. Zongqu, W. Junfeng and B. Jinrong, "Malware detection method based on the control-flow construct feature of software," IET Information Security, vol.8, pp. 18-24, 2014.

T. Dube, R. Raines, G. Peterson, K. Bauer, M. Grimaila and S. Rogers, "Malware target recognition via static heuristics," Computers & Security. J., vol.31, pp. 137-147, Feb. 2012.

T. Ronghua, B. Lynn, I. Rafiqul and V. Steve, "An automated classification system based on the strings of trojan and virus families," in Conf. 4th International Conference on Malicious and Unwanted Software (MALWARE), Quebec, 2009, pp. 23-30.

S. Asaf, M. Robert, E. Yuval and G. Chanan, "Detection of malicious code by applying machine learning classifiers on static features: A state-of-the-art survey," Information Security Technical Report., vol.14, pp.16-29, Feb. 2009.

R. Andre, A. Gregio, D. Rafael, C. Santos, "Visualization techniques for malware behavior analysis," SPIE Defense, Security, and Sensing. International Society for Optics and Photonics, 801905-9, 2011.In Proc. Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense, Florida, 2011, pp. 1-9.

T. Muhammad and Z. Halim, "Employing artificial neural networks for constructing metadata-based model to automatically select an appropriate data visualization technique," Applied Soft Computing, vol.49, pp. 365-384, Dec. 2016.

K. Abdullah, C. Lee, G. Conti, and J.A. Copeland, "Visualizing network data for intrusion detection," In Proc. Sixth Annual IEEE SMC Information Assurance Workshop, New York, 2005. pp. 100-108.

T. Goldring, " Plots for visualizing user profiling data and network traffic," In Proc. 2004 ACM workshop on Visualization and data mining for computer security, Washington DC, 2004, pp.119-123.

E. Corchado, and A. Herrero, "Neural visualization of network traffic data for intrusion detection," Applied Soft Computing, vol.11, pp. 2042- 2056, March. 2011.

A. Herrero, E. Corchado, M. A. Pellicer, and A. Abraham, "A. MOVIH-IDS: A mobile-visualization hybrid intrusion detection system," Neurocomputing, vol. 72, pp. 2775-2784, Aug. 2009.

J. Pearlman, and P. Rheingans, "Visualizing network security events using compound glyphs from a service-oriented perspective,". Berlin, Heidelberg: Springer, 2007, pp. 131-146.

F. Mansman, L. Meier and D. A. Keim, "Visualization of host behavior for network security," Berlin, Heidelberg: Springer, 2008, pp. 187-202.

D. Gianluca, M. Fabio, S. Andrea and S. Daniele, "MADAM: a multilevel anomaly detector for android malware," In International Conference on Mathematical Methods, Models, and Architectures for Computer Network Security, St. Petersburg, 2012, pp.240-253.

B. Amos, H. Turner, and J. White, "Applying machine learning classifiers to dynamic android malware detection at scale," In Conf. 9th International wireless communications and mobile computing conference (IWCMC), Sardinia, 2013, pp.1666-1671.

H.S. Ham, and M.J. Choi, "Analysis of android malware detection performance using machine learning classifiers," In Conf. 2013 International Conference on ICT Convergence (ICTC), Jeju, 2013, pp. 490-495.

A. Gianazza, A, F. Maggi, A. Fattori, L. Cavallaro, and S. Zanero, "Puppetdroid: A user-centric ui exerciser for automatic dynamic analysis of similar android applications," arXiv preprint arXiv, vol. 1402.4826, Feb. 2014.

S. Ravichandran, R.K. Chandrasekar, A. Selcuk Uluagac, and R. Beyah, "A simple visualization and programming framework for wireless sensor networks: PROVIZ," Ad Hoc Networks, vol. 53, pp. 1- 16, Dec. 2016.

V. Hoffmann, J., Neumann, S., & Holz, T, "Mobile malware detection based on energy fingerprints- A dead end," In International Symposium on Research in Attacks, Intrusions, and Defenses (RAID), Saint Lucia, 2013, pp.348-368.


Refbacks

  • There are currently no refbacks.


Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.

ISSN: 2180-1843

eISSN: 2289-8131