The Community for Technology Leaders
Visualization for Computer Security, IEEE Workshops on (2005)
Minneapolis, Minnesota
Oct. 26, 2005 to Oct. 26, 2005
ISBN: 0-7803-9477-1
pp: 10
Henry Owen , Georgia Institute of Technology
Gregory Conti , Georgia Institute of Technology
Julian Grizzard , Georgia Institute of Technology
Mustaque Ahamad , Georgia Institute of Technology
This paper explores the application of visualization techniques to aid in the analysis of malicious and non-malicious binary objects. These objects may include any logically distinct chunks of binary data such as image files, word processing documents and network packets. To facilitate this analysis, we present a novel visualization technique for comparing and navigating among 600-1000+ such objects at one time. While the visualization technique alone has powerful application for both directed and undirected exploration of many classes of binary objects, we chose to study network packets. To increase effectiveness, we strengthened the visualization technique with novel, domain-specific semantic zooming, interactive encoding and dynamic querying capabilities. We present results and lessons learned from implementing these techniques and from studying both malicious and non-malicious network packets. Our results indicate that the information visualization system we present is an efficient and effective way to compare large numbers of network packets, visually examine their payloads and navigate to areas of interest within large network datasets.
binary object visualization, payload visualization, binary navigation, packet visualization, network visualization, reverse engineering
Henry Owen, Gregory Conti, Julian Grizzard, Mustaque Ahamad, "Visual Exploration of Malicious Network Objects Using Semantic Zoom, Interactive Encoding and Dynamic Queries", Visualization for Computer Security, IEEE Workshops on, vol. 00, no. , pp. 10, 2005, doi:10.1109/VIZSEC.2005.19
85 ms
(Ver )