Publication Date
1-1-2022
Document Type
Article
Publication Title
IEEE Access
Volume
10
DOI
10.1109/ACCESS.2022.3207782
First Page
99909
Last Page
99930
Abstract
Malicious applications are usually analyzed through two major techniques, namely static and dynamic analysis. Through static analysis, a given malicious program is parsed, and some representative artifacts (e.g., control-flow graphs) are produced without any execution, whereas the given malicious application needs to be executed when conducting dynamic analysis. These two mainstream techniques for analyzing a given piece of software are effective in detecting certain classes of malware. More specifically, through static analysis, the patterns and signatures of the malware are exposed, helping to detect any known malicious payload hidden in or injected into the code. On the other hand, the behavioral and run-time execution patterns of the software are explored through dynamic analysis. To ease the analysis process, a third analysis approach, known as the visual representation of the artifacts created by both static and dynamic analysis tools, would also be a supplementary asset for malware experts. This paper introduces MalView, an interactive visualization platform for malware analysis by which pattern matching techniques on both signature-based and behavioral analysis artifacts can be utilized to 1) classify malware, 2) identify the intention and location of the malicious payload in the artifacts, 3) analyze unknown malware (i.e., zero-day malware) by recognizing any unusual signature or behavior, and 4) explore the time dependencies and thus the system components affected or tampered with by the underlying malware. The results of several case studies conducted in this work show that MalView offers more features and information compared to some other visualization tools, facilitating the malware analysis process.
Funding Number
1821560
Funding Sponsor
National Science Foundation
Keywords
dynamic analysis, Malware analysis, malware visualization system, visual analytics
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Department
Computer Science
Recommended Citation
Huyen N. Nguyen, Faranak Abri, Vung Pham, Moitrayee Chatterjee, Akbar Siami Namin, and Tommy Dang. "MalView: Interactive Visual Analytics for Comprehending Malware Behavior" IEEE Access (2022): 99909-99930. https://doi.org/10.1109/ACCESS.2022.3207782