Proceedings Paper

Visualization techniques for malware behavior analysis

Paper Abstract

Malware spread via the Internet is a great security threat, so studying its behavior is important to identify and classify it. Using SSDT hooking, we can obtain malware behavior by running it in a controlled environment and capturing its interactions with the target operating system regarding file, process, registry, network and mutex activities. This generates a chain of events that can be used to compare it with other known malware. In this paper we present a simple approach to convert malware behavior into activity graphs and show some visualization techniques that can be used to analyze malware behavior, individually or grouped.

Paper Details

Date Published: 2 June 2011
PDF: 9 pages
Proc. SPIE 8019, Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense X, 801905 (2 June 2011);
André R. A. Grégio, CTI/MCT (Brazil)
Univ. of Campinas (Brazil)
Rafael D. C. Santos, INPE/MCT (Brazil)


Published in SPIE Proceedings Vol. 8019:
Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense X
Edward M. Carapezza, Editor(s)
