F-Secure has a way cool visualization presentation on the Bagle worm...check it out. Scroll down to the Fri, 23 Sept entry entitled, "A different look at Bagle". Very cool.
I know that there are visualization tools available for social network analysis. Raytheon's SilentRunner (who owns it now??) uses n-gram analysis to build context and create a basis for its mapping, and is very interesting. I wonder if the above malware visualization will eventually include details of the actual functions themselves...
2 comments:
Hey Harlan,
SilentRunner is now Computer Associates Network Forensics.
As Richard points out, it's owned by CA now and part of their eTrust suite. N-gram analysis, at least in the version I was using two years ago, was sort of a separate tool in the SR toolbox but wasn't used for mapping nodes in the network visualization pieces.
There are a lot of tools to do this type of analysis, though, including Text::Ngram (a Perl module).
I've been thinking for a couple of years about trying to re-create some of the general tools from SR as a Free software project, but haven't ever really taken off with it beyond some preliminary design work.