The Community for Technology Leaders
RSS Icon
Minneapolis, Minnesota
Oct. 26, 2005 to Oct. 26, 2005
ISBN: 0-7803-9477-1
pp: 10
Gregory Conti , Georgia Institute of Technology
Julian Grizzard , Georgia Institute of Technology
Mustaque Ahamad , Georgia Institute of Technology
Henry Owen , Georgia Institute of Technology
This paper explores the application of visualization techniques to aid in the analysis of malicious and non-malicious binary objects. These objects may include any logically distinct chunks of binary data such as image files, word processing documents and network packets. To facilitate this analysis, we present a novel visualization technique for comparing and navigating among 600-1000+ such objects at one time. While the visualization technique alone has powerful application for both directed and undirected exploration of many classes of binary objects, we chose to study network packets. To increase effectiveness, we strengthened the visualization technique with novel, domain-specific semantic zooming, interactive encoding and dynamic querying capabilities. We present results and lessons learned from implementing these techniques and from studying both malicious and non-malicious network packets. Our results indicate that the information visualization system we present is an efficient and effective way to compare large numbers of network packets, visually examine their payloads and navigate to areas of interest within large network datasets.
binary object visualization, payload visualization, binary navigation, packet visualization, network visualization, reverse engineering
Gregory Conti, Julian Grizzard, Mustaque Ahamad, Henry Owen, "Visual Exploration of Malicious Network Objects Using Semantic Zoom, Interactive Encoding and Dynamic Queries", VIZSEC, 2005, Visualization for Computer Security, IEEE Workshops on, Visualization for Computer Security, IEEE Workshops on 2005, pp. 10, doi:10.1109/VIZSEC.2005.19
32 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool