Abstract
With the explosion of Internet of Things (IoT) worldwide, there is an increasing threat from malicious software (malware) attackers that calls for efficient monitoring of vulnerable systems. Large amounts of data collected from computer networks, servers, and mobile devices need to be analysed for malware proliferation. Effective analysis methods are needed to match with the scale and complexity of such a data-intensive environment. In today’s Big Data contexts, visualisation techniques can support malware analysts going through the time-consuming process of analysing suspicious activities thoroughly. This paper takes a step further in contributing to the evolving realm of visualisation techniques used in the information security field. The aim of the paper is twofold: (1) to provide a comprehensive overview of the existing visualisation techniques for detecting suspicious behaviour of systems and (2) to design a novel visualisation using similarity matrix method for establishing malware classification accurately. The prime motivation of our proposal is to identify obfuscated malware using visualisation of the extended x86 IA-32 (opcode) similarity patterns, which are hard to detect with the existing approaches. Our approach uses hybrid models wherein static and dynamic malware analysis techniques are combined effectively along with visualisation of similarity matrices in order to detect and classify zero-day malware efficiently. Overall, the high accuracy of classification achieved with our proposed method can be visually observed since different malware families exhibit significantly dissimilar behaviour patterns.
Highlights
Malicious software is a computer program that has the intention of causing harm to the operating system kernel or some security sensitive application or data without the user’s consent [1, 2]
Recent studies have used various data mining techniques for permission usage analysis in mobile applications and the results show that support vector machine (SVM) classifier could achieve over 90% accuracy [17]
The experiment was run in three different processors, which aided in the effective malware classification, and was evaluated using very large real-life malware dataset consisting of about 75,000 samples obtained through public databases such as VX heavens [51]
Summary
Malicious software (malware) is a computer program that has the intention of causing harm to the operating system kernel or some security sensitive application or data without the user’s consent [1, 2]. Worms, potentially unwanted programs (PUP), and others that could even compromise a computer. Internet crime using such malware is affecting many businesses and people worldwide. There have been many malicious activities on the web with new attacks caused by unknown variants of existing malware that obfuscate their behaviour to evade from detection [3]. These malware are called zero-day malware (new malware) as there are zero-days between the unknown malware’s first attack and the time it is discovered.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
