Eventpad: Rapid Malware Analysis and Reverse Engineering using Visual Analytics

Cappers, Bram C.M.; Meessen, Paulus; Etalle, Sandro; Wijk, Jarke J. van

doi:10.1109/vizsec.2018.8709230

Cited by 27 publications

(21 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…More recent works try to reduce the effort involved during manual labeling through the use of visualization tools. In particular, the use of visual systems help user during labeling by improving correlation between malicious patterns and making the user more confident about their labels [68].…”

Section: Manualmentioning

confidence: 99%

Datasets are not Enough: Challenges in Labeling Network Traffic

Guerra¹,

Catania²,

Veas³

2021

Preprint

View full text Add to dashboard Cite

In contrast to previous surveys, the present work is not focused on reviewing the datasets used in the network security field. The fact is that many of the available public labeled datasets represent the network behavior just for a particular time period. Given the rate of change in malicious behavior and the serious challenge to label, and maintain these datasets, they become quickly obsolete. Therefore, this work is focused on the analysis of current labeling methodologies applied to network-based data. In the field of network security, the process of labeling a representative network traffic dataset is particularly challenging and costly since very specialized knowledge is required to classify network traces. Consequently, most of the current traffic labeling methods are based on the automatic generation of synthetic network traces, which hides many of the essential aspects necessary for a correct differentiation between normal and malicious behavior. Alternatively, a few other methods incorporate non-experts users in the labeling process of real traffic with the help of visual and statistical tools. However, after conducting an in-depth analysis, it seems that all current methods for labeling suffer from fundamental drawbacks regarding the quality, volume, and speed of the resulting dataset. This lack of consistent methods for continuously generating a representative dataset with an accurate and validated methodology must be addressed by the network security research community. Moreover, a consistent label methodology is a fundamental condition for helping in the acceptance of novel detection approaches based on statistical and machine learning techniques.

show abstract

Section: Manualmentioning

confidence: 99%

Datasets are not Enough: Challenges in Labeling Network Traffic

Guerra¹,

Catania²,

Veas³

2021

Preprint

View full text Add to dashboard Cite

show abstract

“…While not being in the focus of this project, we found that our query definition interface lacks the option to define pattern sequences across tracks. We plan to investigate better query interfaces for MTS data following recent examples, such as [16].…”

Section: Interactive and Transparent Visual Interface For Multivariat...mentioning

confidence: 99%

PSEUDo: Interactive Pattern Search in Multivariate Time Series with Locality-Sensitive Hashing and Relevance Feedback

Yu¹,

Kruyff²,

Becker³

et al. 2021

Preprint

View full text Add to dashboard Cite

“…Another approach for forensic analyses of malware was introduced with Eventpad [4]. Eventpad's advantage is its capability to significantly reduce the complexity within network traffic samples to quickly understand the networking behavior of malware samples.…”

Section: Related Workmentioning

confidence: 99%

“…Before we explicitly discuss the individual steps of the pipeline within our prototype, we briefly describe its overall structure. It is designed as a client 4 -server 5 application with an underlying document-oriented database 6 for persisting the raw data acquired from the Data Collection and the pre-processed data. The pre-processed data is the output of the Data Analysis step, in which a Python script continuously prepares newly available raw data.…”

Section: Research Prototypementioning

confidence: 99%