Use of Data Visualisation for Zero-Day Malware Detection

Sitalakshmi Venkatraman, Mamoun Alazab

Research output: Contribution to journalArticle

101 Downloads (Pure)

Abstract

With the explosion of Internet of Things (IoT) worldwide, there is an increasing threat from malicious software (malware) attackers that calls for efficient monitoring of vulnerable systems. Large amounts of data collected from computer networks, servers, and mobile devices need to be analysed for malware proliferation. Effective analysis methods are needed to match with the scale and complexity of such a data-intensive environment. In today's Big Data contexts, visualisation techniques can support malware analysts going through the time-consuming process of analysing suspicious activities thoroughly. This paper takes a step further in contributing to the evolving realm of visualisation techniques used in the information security field. The aim of the paper is twofold: (1) to provide a comprehensive overview of the existing visualisation techniques for detecting suspicious behaviour of systems and (2) to design a novel visualisation using similarity matrix method for establishing malware classification accurately. The prime motivation of our proposal is to identify obfuscated malware using visualisation of the extended x86 IA-32 (opcode) similarity patterns, which are hard to detect with the existing approaches. Our approach uses hybrid models wherein static and dynamic malware analysis techniques are combined effectively along with visualisation of similarity matrices in order to detect and classify zero-day malware efficiently. Overall, the high accuracy of classification achieved with our proposed method can be visually observed since different malware families exhibit significantly dissimilar behaviour patterns.

Original languageEnglish
Article number1728303
Pages (from-to)1-14
Number of pages14
JournalSecurity and Communication Networks
Volume2018
DOIs
Publication statusPublished - 2 Dec 2018

Fingerprint Dive into the research topics of 'Use of Data Visualisation for Zero-Day Malware Detection'. Together they form a unique fingerprint.

Cite this