UNIVERSITÄT MANNHEIM
Pi1 - Laboratory for Dependable Distributed Systems
Visualization of Malware Behavior
DIMVA 2009 - Rump Session -
Philipp Trinius • Pi1 - Laboratory for Dependable Distributed Systems, UNIVERSITÄT MANNHEIM
Motivation
• CWSandbox.org
• Detailed behavior report per analyzed sample
• 2,500 - 4,000 binaries a day
• Each report contains several hundred API calls
Future Work
• More, and more suitable, visualization techniques
• Getting feedback from other analysts
• Including the pictures in CWSandbox.org
• What do you think?
• Image clustering and classification
Philipp Trinius
Pi1 - Laboratory for Dependable Distributed Systems, UNIVERSITÄT MANNHEIM
http://pi1.informatik.uni-mannheim.de/
trinius@uni-mannheim.de
What do you think?