Malware associated with Web downloads is responsible for many attacks trying to execute malicious code on a remote machine. Web browsers are protected by anti-malware utilities that try to distinguish between good downloads and bad downloads, blocking the bad ones and alerting the user. In order to cope with the uncertainty of such a process, very often the final decision is made using suitable thresholds, giving rise to a three-category classification: good downloads, bad downloads, and “in the middle” downloads (i.e., the uglies). In this situation, it is possible to involve the user (e.g., the security manager) in the decision loop, presenting him with the details of the decision process in such a way that he can either be more confident about the system decisions or refine what has been done automatically, e.g., promoting an ugly download to a good one. The paper addresses this problem by presenting a visual analytics solution supporting the analysis of the classification system presented in AMICO [24], providing the user with a better understanding of the classification decisions and the possibility of changing the classification results. A prototype is available at: http://awareserver.dis.uniroma1.it:11768/malvis/.

The goods, the bads and the uglies: Supporting decisions in malware detection through visual analytics / Angelini, Marco; Aniello, Leonardo; Lenti, Simone; Santucci, Giuseppe; Ucci, Daniele. - PRINT. - (2017), pp. 1-8. (Paper presented at the 14th IEEE Symposium on Visualization for Cyber Security, VizSec 2017, held in Phoenix; United States) [10.1109/VIZSEC.2017.8062199].

The goods, the bads and the uglies: Supporting decisions in malware detection through visual analytics

Angelini Marco; Aniello Leonardo; Lenti Simone; Santucci Giuseppe; Ucci Daniele
2017

14th IEEE Symposium on Visualization for Cyber Security, VizSec 2017
Malware analysis; malware classifiers; malware download; visual analytics
04 Publication in conference proceedings::04b Conference paper in volume
Files attached to this product
File: Angelini_The-goods_2017.pdf
Access: archive managers only
Type: Publisher's version (published version with the publisher's layout)
License: All rights reserved
Size: 1.8 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11573/1017448
Citations
  • PMC ND
  • Scopus 14
  • ISI 0