Malware associated with Web downloads is responsible for many attacks trying to execute malicious code on a remote machine. Web browsers are protected by anti-malware utilities that try to distinguish between good downloads and bad downloads, blocking the bad ones and alerting the user. In order to cope with the uncertainty of such a process, very often the final decision is made using suitable thresholds, giving rise to a three-category classification: good downloads, bad downloads, and “in the middle” downloads (i.e., the uglies). In this situation, it is possible to involve the user (e.g., the security manager) in the decision loop, presenting him with the details of the decision process in such a way that he can either be more confident about the system decisions or refine what has been done automatically, e.g., promoting an ugly download to a good one. The paper addresses this problem by presenting a visual analytics solution supporting the analysis of the classification system presented in AMICO [24], providing the user with a better understanding of the classification decisions and the possibility of changing the classification results. A prototype is available at: http://awareserver.dis.uniroma1.it:11768/malvis/.
Publication details
2017, 2017 IEEE Symposium on Visualization for Cyber Security (VizSec), Pages 1-8
The goods, the bads and the uglies: Supporting decisions in malware detection through visual analytics (04b Conference paper in volume)
Angelini Marco, Aniello Leonardo, Lenti Simone, Santucci Giuseppe, Ucci Daniele
ISBN: 978-1-5386-2693-1