Analysis of Feature Categories for Malware Visualization
Keywords:
Features, Malware, Malware Visualization, Visualization Tools
Abstract
Knowing which features are most effective for a given visualization type is important, and selecting an appropriate visualization tool plays a key role in descriptive, diagnostic, predictive and prescriptive analytics. Analysis of the activities of malicious scripts or code also depends on the features extracted from them. In this paper, the authors review and classify the most common extracted features that have been used for malware visualization, grouping them into specified categories. The study examines these feature categories and their usefulness for effective malware visualization, with a focus on the features most commonly extracted in the malware visualization domain. The literature review found that the features fall into four main categories: static, dynamic, hybrid, and application metadata. The contribution of this paper is a feature selection that shows which features are effective with which visualization tools for malware visualization.
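As an added illustration of the static feature category named in the abstract, the following Python extracts the kind of static features that the surveyed visualization work draws on: a 256-bin byte histogram, per-block Shannon entropy, printable strings, and the byte-to-grayscale row layout used by binary-image visualizations. This is not code from the paper; the sample bytes are constructed here (not a real malware sample) and the function names are the example's own.

```python
# Added illustration: static feature extraction from a binary, in the spirit
# of the static and image-based approaches the review surveys. This is not
# code from the paper; the sample bytes are constructed here and the function
# names are the example's own.
import math
from collections import Counter
from typing import Dict, List

# Constructed stand-in for a binary: an "MZ" marker, two copies of every byte
# value, two printable strings, and a run of NOP-like 0x90 bytes. Not malware.
SAMPLE = (
    b"MZ"
    + bytes(range(256)) * 2
    + b"GetProcAddress\x00http://example.invalid/\x00"
    + bytes([0x90]) * 64
)


def shannon_entropy(block: bytes) -> float:
    """Bits per byte of a block; 0.0 for constant data, 8.0 for uniform."""
    if not block:
        return 0.0
    n = len(block)
    return -sum((c / n) * math.log2(c / n) for c in Counter(block).values())


def block_entropies(data: bytes, block_size: int = 64) -> List[float]:
    """Entropy per fixed-size block; the last block may be shorter.
    High-entropy blocks are the usual hint of packing or encryption."""
    return [shannon_entropy(data[i:i + block_size])
            for i in range(0, len(data), block_size)]


def byte_histogram(data: bytes) -> List[int]:
    """256-bin count of byte values, a common static feature vector."""
    hist = [0] * 256
    for b in data:
        hist[b] += 1
    return hist


def printable_strings(data: bytes, min_len: int = 4) -> List[str]:
    """Runs of printable ASCII (0x20-0x7E) at least min_len long."""
    out, run = [], bytearray()
    for b in data:
        if 0x20 <= b <= 0x7E:
            run.append(b)
        else:
            if len(run) >= min_len:
                out.append(run.decode("ascii"))
            run = bytearray()
    if len(run) >= min_len:
        out.append(run.decode("ascii"))
    return out


def to_grayscale_rows(data: bytes, width: int = 16) -> List[List[int]]:
    """Lay the bytes out as rows of a fixed width, zero-padding the last row,
    which is how binary-image visualizations turn a file into a picture."""
    padded = data + bytes((-len(data)) % width)
    return [list(padded[i:i + width]) for i in range(0, len(padded), width)]


def static_feature_vector(data: bytes) -> Dict[str, object]:
    """Bundle the static features above into one record per sample."""
    ents = block_entropies(data)
    return {
        "size": len(data),
        "mean_entropy": sum(ents) / len(ents) if ents else 0.0,
        "max_entropy": max(ents) if ents else 0.0,
        "n_strings": len(printable_strings(data)),
        "histogram": byte_histogram(data),
    }


if __name__ == "__main__":
    fv = static_feature_vector(SAMPLE)
    print({k: v for k, v in fv.items() if k != "histogram"})
    print("image rows:", len(to_grayscale_rows(SAMPLE)))
```

The entropy profile and the histogram are the inputs a plotting tool would render (line plot and bar chart respectively), and the row layout is the grayscale image used for visual similarity between variants; dynamic and hybrid features would require running the sample in a sandbox and are not shown here.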
License
TRANSFER OF COPYRIGHT AGREEMENT
The manuscript is herewith submitted for publication in the Journal of Telecommunication, Electronic and Computer Engineering (JTEC). It has not been published before, and it is not under consideration for publication in any other journal. It contains no material that is scandalous, obscene, libelous or otherwise contrary to law. When the manuscript is accepted for publication, I, as the author, hereby agree to transfer to JTEC all rights, including those pertaining to electronic forms and transmissions, under existing copyright laws, except for the following, which the author(s) specifically retain(s):
- All proprietary rights other than copyright, such as patent rights
- The right to make further copies of all or part of the published article for my use in classroom teaching
- The right to reuse all or part of this manuscript in a compilation of my own works or in a textbook of which I am the author; and
- The right to make copies of the published work for internal distribution within the institution that employs me
I agree that copies made under these circumstances will continue to carry the copyright notice that appears in the original published work. I agree to inform my co-authors, if any, of the above terms. I certify that I have obtained written permission for the use of text, tables, and/or illustrations from any copyrighted source(s), and I agree to supply such written permission(s) to JTEC upon request.