Malware Visualization Techniques

Abstract

Malware basically means malicious software that can be an intrusive program code or anything that is designed to perform malicious operations on system and executes malicious actions such as clandestine, listening, monitoring, saving, and deleting without the user's knowledge and consent. Malware review and analysis requires an advanced level of programming knowledge, in-depth file systems knowledge, deep code inspection, and reverse engineering capability. New techniques are needed to reduce indirect costs of malware analysis. This paper aims to provide insights into the malware visualization techniques and its applications, most common malware types and the extracted features that used to identify the malware are demonstrated in this study. In this work, Systematic Literature Review (SLR) conducted to investigate the current state of knowledge about Malware detection techniques, data visualization and malware features. An advanced research has been carried out in most relevant digital libraries for potential published articles. 90 preliminary studies (PS) were determined on the basis of inclusion and exclusion criteria. The analytical study is based mainly on the PSs to achieve the goals. The results clarify the importance of visualization techniques and which are the most common malware as well as the most useful features. Several ways to visualize malware to help malware analysts have been suggested.

Keywords

• Visualization Techniques,Malware Detection Technique,Extracted Features,Malware Classification,Malware Survey

References

1. Zhang, Y., et al., A survey of cyber crimes. Security and Communication Networks, 2012. 5(4): p. 422-437.
2. Bazrafshan, Z., et al. A survey on heuristic malware detection techniques. in The 5th Conference on Information and Knowledge Technology. 2013.
3. La Polla, M., F. Martinelli, and D. Sgandurra, A Survey on Security for Mobile Devices. IEEE Communications Surveys & Tutorials, 2013. 15(1): p. 446-471.
4. Meng, G., et al., Mystique: Evolving Android Malware for Auditing Anti-Malware Tools, in Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security. 2016, ACM: Xi'an, China. p. 365-376.
5. Vemparala, S., et al., Malware Detection Using Dynamic Birthmarks, in Proceedings of the 2016 ACM on International Workshop on Security And Privacy Analytics. 2016, ACM: New Orleans, Louisiana, USA. p. 41-46.
6. Dang-Pham, D. and S. Pittayachawan, Comparing intention to avoid malware across contexts in a BYOD-enabled Australian university: A Protection Motivation Theory approach. Computers & Security, 2015. 48: p. 281-297.
7. Meng, G., et al., Semantic modelling of Android malware for effective malware comprehension, detection, and classification, in Proceedings of the 25th International Symposium on Software Testing and Analysis. 2016, ACM: Saarbrücken, Germany. p. 306-317.
8. Han, K., J.H. Lim, and E.G. Im, Malware analysis method using visualization of binary files, in Proceedings of the 2013 Research in Adaptive and Convergent Systems. 2013, ACM: Montreal, Quebec, Canada. p. 317-321.

9. Grégio, A.R.A. and R.D.C. Santos. Visualization techniques for malware behavior analysis. in SPIE Defense, Security, and Sensing. 2011. SPIE.
10. Kitchenham, B. and S. Charters, Guidelines for performing systematic literature reviews in softwareengineering, Technical Report EBSE-2007-01 Ver. 2.3, School of Computer Science and Mathematics, Keele University
11. K.K., P., B. N.M.W.M., and D.V. N.K., Systematic review: School health promotion interventions targeting physical activity and nutrition can improve academic performance in primary‐ and middle school children. Health Education, 2013. 113(5): p. 372-391.
12. Shea, B.J., et al., Development of AMSTAR: a measurement tool to assess the methodological quality of systematic reviews. BMC Medical Research Methodology, 2007. 7(1): p. 10.
13. Feizollah, A., et al., A review on feature selection in mobile malware detection. Digital Investigation, 2015. 13: p. 22-37.
14. Ye, Y., et al., A Survey on Malware Detection Using Data Mining Techniques. ACM Comput. Surv., 2017. 50(3): p. 1-40.
15. Jacob, G., H. Debar, and E. Filiol, Behavioral detection of malware: from a survey towards an established taxonomy. Journal in Computer Virology, 2008. 4(3): p. 251-266.
16. Elhadi, A., M. Maarof, and A. Hamza Osman, Malware Detection Based on Hybrid Signature Behaviour Application Programming Interface Call Graph. Vol. 9. 2012. 283-288.
17. Idika, N. and A. Mathur, A survey of malware detection techniques. 2007: Department of Computer Science, Purdue University.
18. Zolkipli, M.F. and A. Jantan. Malware Behavior Analysis: Learning and Understanding Current Malware Threats. in 2010 Second International Conference on Network Applications, Protocols and Services. 2010.
19. Rana, H. and M. Stamp, Hunting for Pirated Software Using Metamorphic Analysis. Information Security Journal: A Global Perspective, 2014. 23(3): p. 68-85.
20. Moser, A., C. Kruegel, and E. Kirda. Limits of Static Analysis for Malware Detection. in Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007). 2007.
21. Markel, Z.A., Machine Learning Based Malware Detection Trident Scholar Report 2015 no. 440 U.S. Naval Academy Annapolis, MD 21402
22. Pektaş, A. and T. Acarman, Malware classification based on API calls and behaviour analysis. IET Information Security, 2018. 12(2): p. 107-117.
23. Chan Lee, Y., et al. A static and dynamic visual debugger for malware analysis. in 2012 18th Asia-Pacific Conference on Communications (APCC). 2012.
24. Lee, D., et al. A Study on Malicious Codes Pattern Analysis Using Visualization. in 2011 International Conference on Information Science and Applications. 2011.
25. Shiravi, H., A. Shiravi, and A.A. Ghorbani, A survey of visualization systems for network security. IEEE Transactions on visualization and computer graphics, 2012. 18(8): p. 1313-1329.
26. Shaid, S.Z.M. and M.A. Maarof. Malware behavior image for malware variant identification. in Biometrics and Security Technologies (ISBAST), 2014 International Symposium on. 2014.
27. Wagner, M., et al., A Survey of Visualization Systems for Malware Analysis. 2015.
28. Bazrafshan, Z., et al. A survey on heuristic malware detection techniques. in Information and Knowledge Technology (IKT), 2013 5th Conference on. 2013.
29. Trinius, P., et al. Visual analysis of malware behavior using treemaps and thread graphs. in 2009 6th International Workshop on Visualization for Cyber Security. 2009.
30. Herman, I., G. Melancon, and M.S. Marshall, Graph visualization and navigation in information visualization: A survey. IEEE Transactions on Visualization and Computer Graphics, 2000. 6(1): p. 24-43.
31. Cheng, j.y. HpfeedsHoneyGraph - Automated Attack Graph Construction for Hpfeeds Logs. 2012; Available from: https://www.honeynet.org/node/957.
32. Han, K., B. Kang, and E.G. Im, Malware Analysis Using Visualized Image Matrices. The Scientific World Journal, 2014. p. 15.
33. Nataraj, L., et al., Malware images: visualization and automatic classification, in Proceedings of the 8th International Symposium on Visualization for Cyber Security. 2011, ACM: Pittsburgh, Pennsylvania, USA. p. 1-7.
34. Marty, R., Applied Security Visualization. 2008: Addison-Wesley Professional.
35. Kim, H., et al., Improvement of malware detection and classification using API call sequence alignment and visualization. Cluster Computing, 2017.
36. Kaspersky. Cyberthreats Map: watch global threats in real time. 2014 29/03/2018]; Available from: https://cybermap.kaspersky.com/.
37. Bond, T. Visualizing Firewall Log Data to Detect Security Incidents. 2009 29-03-2018]; Available from: https://www.sans.org/reading-room/whitepapers/metrics/security-data-visualization-36387.
38. Attipoe, A.E., et al., Visualization Tools for Network Security. Electronic Imaging, 2016. (1): p. 1-8.
39. Marty, R., Applied security visualization. 2009: Addison-Wesley Upper Saddle River.
40. Muhammad, T. and Z. Halim, Employing artificial neural networks for constructing metadata-based model to automatically select an appropriate data visualization technique. Applied Soft Computing, 2016. p. 365-384.
41. Medvedev, G.D., M. Virginijus, and Viktor, Web Application for Large-Scale Multidimensional Data Visualization. http://dx.doi.org.ezproxy.psz.utm.my/10.3846/13926292.2011.580381, 2011.
42. Shabtai, A., et al., Monitoring, analysis, and filtering system for purifying network traffic of known and unknown malicious content. Security and Communication Networks, 2011. 4(8): p. 947-965.
43. Chen, Y., et al. Multiple sequence alignment and artificial neural networks for malicious software detection. in 2012 8th International Conference on Natural Computation, ICNC 2012. 2012. Chongqing.
44. Metcalf, L. and W. Casey, Chapter 7 - Visualizing cybersecurity data, in Cybersecurity and Applied Mathematics. 2016, Syngress: Boston. p. 113-134.
45. Liao, Q., et al., Managing networks through context: Graph visualization and exploration. Computer Networks, 2010. 54(16): p. 2809-2824.
46. Han, K., B. Kang, and E.G. Im, Malware analysis using visualized image matrices. ScientificWorldJournal, 2014: p. 132713.
47. Han, K.S., et al., Malware analysis using visualized images and entropy graphs. International Journal of Information Security, 2015. 14(1): p. 1-14.
48. Blank, D., A. Henrich, and S. Kufer, Using Summaries to Search and Visualize Distributed Resources Addressing Spatial and Multimedia Features. Datenbank-Spektrum, 2016. (1): p. 67-76.
49. Idika, N. and A.P. Mathur, A survey of malware detection techniques. Purdue University, 2007. .
50. Somarriba, O., et al., Detection and Visualization of Android Malware Behavior. Journal of Electrical and Computer Engineering, 2016.
51. Zhao, Z., J. Wang, and J. Bai, Malware detection method based on the control-flow construct feature of software. IET Information Security IEEE, 2014. 8(1): p. 18-24.
52. Corchado, E. and Á. Herrero, Neural visualization of network traffic data for intrusion detection. Applied Soft Computing, 2011. 11(2): p. 2042-2056.
53. Kiran, L., et al. Closing-the-loop in NVisionIP: integrating discovery and search in security visualizations. in IEEE Workshop on Visualization for Computer Security, 2005. (VizSEC 05). 2005.
54. Conti, G., et al. Visual Reverse Engineering of Binary and Data Files. in Visualization for Computer Security. 2008. Berlin, Heidelberg: Springer Berlin Heidelberg.
55. Kancherla, K. and S. Mukkamala. Image visualization based malware detection. in 2013 IEEE Symposium on Computational Intelligence in Cyber Security (CICS). 2013.
56. Ecemiş, A. , Küçüksille, E. U. , Yalçınkaya, M. A. "Yaygın Görülen Dosya Enjeksiyon Zararlılarının Analizi ve Sistematik Olarak Tespiti". Niğde Ömer Halisdemir Üniversitesity, Journal of Engineering Sciences, 7/2 2018:478-489. https://doi.org/10.28948/ngumuh.443149