Eventpad: Rapid malware analysis and reverse engineering using visual analytics

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review


Abstract

Forensic analysis of malware activity in network environments is a necessary yet very costly and time-consuming part of incident response. Vast amounts of data need to be screened, in a very labor-intensive process, looking for signs indicating how the malware at hand behaves inside, e.g., a corporate network. We believe that data reduction and visualization techniques can assist security analysts in studying behavioral patterns in network traffic samples (e.g., PCAP). We argue that the discovery of patterns in this traffic can help us to quickly understand how intrusive behavior such as malware activity unfolds and distinguishes itself from the rest of the traffic. In this paper we present a case study of the visual analytics tool EventPad and illustrate how it is used to gain quick insights into the analysis of PCAP traffic using rules, aggregations, and selections. We show the effectiveness of the tool on real-world data sets involving office traffic and ransomware activity.

Original language: English
Title of host publication: 2018 IEEE Symposium on Visualization for Cyber Security, VizSec 2018
Editors: Stoney Trent, Jorn Kohlhammer, Graig Sauer, Robert Gove, Daniel Best, Celeste Lyn Paul, Nicolas Prigent, Diane Staheli
Publisher: Institute of Electrical and Electronics Engineers
Number of pages: 8
ISBN (Electronic): 9781538681947
DOIs: https://doi.org/10.1109/VIZSEC.2018.8709230
Publication status: Published - 9 May 2019
Event: 2018 IEEE Symposium on Visualization for Cyber Security, VizSec 2018 - Hotel Estrel, Berlin, Germany
Duration: 22 Oct 2018 → …
https://vizsec.org/vizsec2018/#cfp

Conference

Conference: 2018 IEEE Symposium on Visualization for Cyber Security, VizSec 2018
Abbreviated title: VizSec
Country: Germany
City: Berlin
Period: 22/10/18 → …
Internet address: https://vizsec.org/vizsec2018/#cfp


Keywords

  • Human-centered computing
  • Security
  • Software and application security
  • Software reverse engineering
  • Visual analytics
  • Visualization
  • Visualization application domains

Cite this

Cappers, B. C. M., Meessen, P. N., Etalle, S., & Van Wijk, J. J. (2019). Eventpad: Rapid malware analysis and reverse engineering using visual analytics. In S. Trent, J. Kohlhammer, G. Sauer, R. Gove, D. Best, C. L. Paul, N. Prigent, ... D. Staheli (Eds.), 2018 IEEE Symposium on Visualization for Cyber Security, VizSec 2018 [8709230] Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/VIZSEC.2018.8709230