Signature visualization of software binaries

Panas, Thomas

doi:10.1145/1409720.1409749

Cited by 7 publications

(2 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Panas [46] visualized software binaries in order to demonstrate malware samples. In their approach, they first disassemble the file to obtain the Abstract Syntax Tree (AST) and then provided the intermediate representation of the file by using ROSE [47], an open-source compiler.…”

Section: A Signature-based Features/static Analysismentioning

confidence: 99%

MalView: Interactive Visual Analytics for Comprehending Malware Behavior

et al. 2022

View full text Add to dashboard Cite

Malicious applications are usually comprehended through two major techniques, namely static and dynamic analyses. Through static analysis, a given malicious program is parsed, and some representative artifacts (e.g., control-flow graphs) are produced without any execution; whereas, the given malicious application needs to be executed when conducting dynamic analysis. These two mainstream techniques for analyzing the given software are effective in detecting certain classes of malware. More specifically, through static analysis, the patterns and signature of the malware are exposed, helping in detecting any known malicious payload hidden in or injected into the code. On the other hand, behavioral and run-time execution patterns of software are explored through dynamic analysis. To ease the analysis process, a third analysis approach, known as the visual representation of the artifacts created by both static and dynamic analysis tools, would also be a supplementary asset for malware experts. This paper introduces "MalView", an interactive visualization platform, for malware analysis by which pattern matching techniques on both signature-based and behavioral analysis artifacts can be utilized to 1) classify malware, 2) identify the intention and location of the malicious payload in the artifacts, 3) analyze unknown malware (i.e., zero-day malware) by recognizing any unusual signature or behavior, and 4) explore the time dependencies and thus the system components affected or tampered by the underlying malware. The results of several case studies conducted in this work show that MalView offers more features and information compared to some other visualization tools, facilitating the malware analysis process.INDEX TERMS Malware analysis, dynamic analysis, malware visualization system, visual analytics.

show abstract

Section: A Signature-based Features/static Analysismentioning

confidence: 99%

MalView: Interactive Visual Analytics for Comprehending Malware Behavior

et al. 2022

View full text Add to dashboard Cite

show abstract

“…VRCS [174] visualizes software revision histories using the Z axis as a time axis to represent the different revisions of each file. Panas [231] visualizes the evolution of the signatures of software binaries to find malicious code. Theron et al [327] visualize the evolution of baselines and revisions of artifacts from software repositories.…”

Section: Evolution Visualizationmentioning

confidence: 99%

Collaborative Software Visualization in Co-located Environments

Anslow¹

View full text Add to dashboard Cite

<p>Most software visualization systems and tools are designed from a single-user perspective and are bound to the desktop and IDEs. These design decisions do not allow users to analyse software collaboratively or to easily interact and navigate visualizations within a co-located environment at the same time. This thesis presents an exploratory study of collaborative software visualization using multi-touch tables in a co-located environment. The thesis contributes a richer understanding of how pairs of developers make use of shared visualizations on large multi-touch tables to gain insight into the design of software systems. We designed a collaborative software visualization application, called Source-Vis, that contained a suite of 13 visualization techniques adapted for multi-touch interaction. We built two large multi-touch tables (28 and 48 inches) following existing hardware designs, to explore and evaluate SourceVis. We then conducted both qualitative and quantitative user studies, culminating in a study of 44 professional software developers working in pairs. We found that pairs preferred joint group work, used a variety of coupling styles, and made many transitions between coupling and arrangement styles. For collaborative group work we recommend designing for joint group work over parallel individual work, supporting a flexible variety of coupling styles, and supporting fluid transitions between coupling and arrangement styles. We found that the preferred style for joint group work was closely coupled and arranged side by side. We found some global functionally was not easily accessible. We found some of the user interactions and visual interface elements were not designed consistently. For the design of collaborative software visualizations we recommend designing visualizations for closely coupled arrangements with rotation features, providing functionality in the appropriate locality, and providing consistent user interactions and visual interface design. We found sometimes visualization windows overlapped each other and text was hard to read in windows. We found when pairs were performing joint group work the size of the table was appropriate but not for parallel individual. We found that because the table could not differentiate between different simultaneous users that some pair interactions were limited. For the design of multi-touch tables we recommend providing a high resolution workspace, providing appropriate table space, and differentiating between simultaneous user interactions.</p>

show abstract

Experiments with Malware Visualization

Yap

2013

Detection of Intrusions and Malware, and Vulnerability Assessment

View full text Add to dashboard Cite

Signature visualization of software binaries

Cited by 7 publications

References 4 publications

MalView: Interactive Visual Analytics for Comprehending Malware Behavior

MalView: Interactive Visual Analytics for Comprehending Malware Behavior

Collaborative Software Visualization in Co-located Environments

Experiments with Malware Visualization

Contact Info

Product

Resources

About