Use of Data Visualisation for Zero-Day Malware Detection

With the explosion of Internet of Things (IoT) worldwide, there is an increasing threat from malicious software (malware) attackers that calls for efficient monitoring of vulnerable systems. Large amounts of data collected from computer networks, servers, and mobile devices need to be analysed for m...

Full description

Saved in:
Bibliographic Details
Published inSecurity and communication networks Vol. 2018; no. 2018; pp. 1 - 13
Main Authors Venkatraman, Sitalakshmi, Alazab, Mamoun
Format Journal Article
LanguageEnglish
Published Cairo, Egypt Hindawi Publishing Corporation 01.01.2018
Hindawi
John Wiley & Sons, Inc
Subjects
Application programming interface
Automation
Big Data
Classification
Computer networks
Computer viruses
Computers
Criminal investigations
Cybersecurity
Data analysis
Data encryption
Data mining
Electronic devices
Internet of Things
Machine learning
Malware
Network security
Reverse engineering
Scientific visualization
Similarity
Similarity measures
Subject specialists
Support vector machines
Visualization
Wireless networks
Online AccessGet full text

Cover

More Information
Summary:With the explosion of Internet of Things (IoT) worldwide, there is an increasing threat from malicious software (malware) attackers that calls for efficient monitoring of vulnerable systems. Large amounts of data collected from computer networks, servers, and mobile devices need to be analysed for malware proliferation. Effective analysis methods are needed to match with the scale and complexity of such a data-intensive environment. In today’s Big Data contexts, visualisation techniques can support malware analysts going through the time-consuming process of analysing suspicious activities thoroughly. This paper takes a step further in contributing to the evolving realm of visualisation techniques used in the information security field. The aim of the paper is twofold: (1) to provide a comprehensive overview of the existing visualisation techniques for detecting suspicious behaviour of systems and (2) to design a novel visualisation using similarity matrix method for establishing malware classification accurately. The prime motivation of our proposal is to identify obfuscated malware using visualisation of the extended x86 IA-32 (opcode) similarity patterns, which are hard to detect with the existing approaches. Our approach uses hybrid models wherein static and dynamic malware analysis techniques are combined effectively along with visualisation of similarity matrices in order to detect and classify zero-day malware efficiently. Overall, the high accuracy of classification achieved with our proposed method can be visually observed since different malware families exhibit significantly dissimilar behaviour patterns.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:1939-0114
1939-0122
DOI:10.1155/2018/1728303