MalGrid: Visualization Of Binary Features In Large Malware Corpora

TL;DR

MalGrid is a visualization system that maps large malware datasets into a 2D space, aiding rapid triage and understanding of malware relationships through interactive visualizations of binary feature similarities.

Contribution

It introduces a novel interactive visualization approach combining point-based and grid-based views for large malware datasets, highlighting binary feature relationships.

Findings

Effective visualization of millions of malware samples.

Insights into the impact of packing on malware complexity.

Enhanced malware triage and analysis capabilities.

Abstract

The number of malware is constantly on the rise. Though most new malware are modifications of existing ones, their sheer number is quite overwhelming. In this paper, we present a novel system to visualize and map millions of malware to points in a 2-dimensional (2D) spatial grid. This enables visualizing relationships within large malware datasets that can be used to develop triage solutions to screen different malware rapidly and provide situational awareness. Our approach links two visualizations within an interactive display. Our first view is a spatial point-based visualization of similarity among the samples based on a reduced dimensional projection of binary feature representations of malware. Our second spatial grid-based view provides a better insight into similarities and differences between selected malware samples in terms of the binary-based visual representations they share. We also provide a case study where the effect of packing on the malware data is correlated with the complexity of the packing algorithm.