Abstract

With the explosion of Internet of Things (IoT) worldwide, there is an increasing threat from malicious software (malware) attackers that calls for efficient monitoring of vulnerable systems. Large amounts of data collected from computer networks, servers, and mobile devices need to be analysed for malware proliferation. Effective analysis methods are needed to match with the scale and complexity of such a data-intensive environment. In today’s Big Data contexts, visualisation techniques can support malware analysts going through the time-consuming process of analysing suspicious activities thoroughly. This paper takes a step further in contributing to the evolving realm of visualisation techniques used in the information security field. The aim of the paper is twofold: <mml:math xmlns:mml="http://www.w3.org/1998/Math/MathML" id="M1"><mml:mo stretchy="false">(</mml:mo><mml:mn fontstyle="italic">1</mml:mn><mml:mo stretchy="false">)</mml:mo></mml:math> to provide a comprehensive overview of the existing visualisation techniques for detecting suspicious behaviour of systems and <mml:math xmlns:mml="http://www.w3.org/1998/Math/MathML" id="M2"><mml:mo stretchy="false">(</mml:mo><mml:mn fontstyle="italic">2</mml:mn><mml:mo stretchy="false">)</mml:mo></mml:math> to design a novel visualisation using similarity matrix method for establishing malware classification accurately. The prime motivation of our proposal is to identify obfuscated malware using visualisation of the extended x86 IA-32 (opcode) similarity patterns, which are hard to detect with the existing approaches. Our approach uses hybrid models wherein static and dynamic malware analysis techniques are combined effectively along with visualisation of similarity matrices in order to detect and classify zero-day malware efficiently. Overall, the high accuracy of classification achieved with our proposed method can be visually observed since different malware families exhibit significantly dissimilar behaviour patterns.