
Visualization of Malware Behavior


Academic year: 2021


(1)

UNIVERSITÄT MANNHEIM
Pi1 - Laboratory for Dependable Distributed Systems

Visualization of Malware Behavior

DIMVA 2009 - Rump Session

(2)

Philipp Trinius • Pi1 - Laboratory for Dependable Distributed Systems, UNIVERSITÄT MANNHEIM

Motivation

CWSandbox.org

Detailed behavior report per sample

2,500 - 4,000 binaries a day

Each report contains several hundred API calls

(3) - (11)

Slides 3 to 11: no text could be recovered beyond the repeated footer (presumably figure-only slides).
(12)

Future Work

More, and more suitable, visualization techniques

Getting feedback from other analysts

Including the pictures in CWSandbox.org

What do you think?

Image clustering and classification

(13)

Slide 13: no text could be recovered beyond the repeated footer.

(14)

Philipp Trinius
Pi1 - Laboratory for Dependable Distributed Systems, UNIVERSITÄT MANNHEIM
http://pi1.informatik.uni-mannheim.de/
trinius@uni-mannheim.de

What do you think?
