F-Secure has a way cool visualization presentation on the Bagle worm... check it out. Scroll down to the Fri, 23 Sept entry entitled "A different look at Bagle". Very cool.
I know that there are visualization tools available for social network analysis. Raytheon's SilentRunner (who owns it now??) uses n-gram analysis to build context and create a basis for its mapping, and is very interesting. I wonder if the above malware visualization will eventually include details of the actual functions themselves...
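The n-gram-based content analysis mentioned above, as an added example that is not code from the original post, from SilentRunner, or from the Perl Text::Ngram module named in the comments: each message gets a character trigram profile, profiles are compared by cosine similarity, and pairs above a threshold become the edges of a graph that a visualization tool could then draw and cluster. The message texts, the ids, and the 0.4 threshold are constructed for illustration; nothing here is claimed to be the actual algorithm SilentRunner used.

```python
import math
import re
from collections import Counter
from itertools import combinations


def ngrams(text, n=3):
    """Character n-gram profile: case-folded, whitespace collapsed, counted."""
    s = re.sub(r"\s+", " ", text.lower()).strip()
    return Counter(s[i:i + n] for i in range(len(s) - n + 1))


def cosine(a, b):
    """Cosine similarity of two Counter profiles; 0.0 if either is empty."""
    if not a or not b:
        return 0.0
    dot = sum(count * b[gram] for gram, count in a.items())
    norm_a = math.sqrt(sum(c * c for c in a.values()))
    norm_b = math.sqrt(sum(c * c for c in b.values()))
    return dot / (norm_a * norm_b)


# Constructed sample "messages" standing in for captured e-mail bodies or
# session payloads. Hypothetical text, not real traffic; m1/m2 and m3/m4
# are deliberate paraphrases of each other, m5 is unrelated.
MESSAGES = {
    "m1": "Quarterly sales figures attached, please review the revenue forecast.",
    "m2": "Attached are the quarterly sales numbers and the revenue forecast for review.",
    "m3": "Server patch window tonight 2300, reboot the database cluster afterwards.",
    "m4": "Database cluster reboot scheduled after tonight's server patch window at 2300.",
    "m5": "Lunch on Friday? The new taco place opened downtown.",
}


def similarity_edges(messages, n=3, threshold=0.4):
    """Pairs of message ids whose profiles are at least `threshold` similar.

    The threshold is an assumed value: short paraphrased texts score roughly
    0.6-0.7 on trigram cosine, unrelated ones well under 0.2.
    """
    profiles = {mid: ngrams(text, n) for mid, text in messages.items()}
    edges = []
    for a, b in combinations(sorted(profiles), 2):
        score = cosine(profiles[a], profiles[b])
        if score >= threshold:
            edges.append((a, b, round(score, 3)))
    return edges


def content_clusters(messages, n=3, threshold=0.4):
    """Connected components of the similarity graph, via union-find."""
    parent = {mid: mid for mid in messages}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for a, b, _ in similarity_edges(messages, n, threshold):
        parent[find(a)] = find(b)

    groups = {}
    for mid in messages:
        groups.setdefault(find(mid), set()).add(mid)
    return sorted(sorted(g) for g in groups.values())


if __name__ == "__main__":
    for a, b, score in similarity_edges(MESSAGES):
        print(f"{a} -- {b}  cosine={score}")
    print(content_clusters(MESSAGES))
```

The edge list is the part a mapping tool would consume: feed it to any graph layout (Graphviz, a network visualizer) with the message ids as nodes and the scores as edge weights, and content-similar items land next to each other regardless of who sent them. Character n-grams rather than words are used so that misspellings, concatenated words, and non-English text still produce usable overlap.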
Hey Harlan,
Silent Runner is now Computer Associates Network Forensics.
As Richard points out, it's owned by CA now and part of their eTrust suite. N-gram analysis, at least in the version I was using two years ago, was sort of a separate tool in the SR toolbox but wasn't used for mapping nodes in the network visualization pieces.
There are a lot of tools to do this type of analysis, though, including Text::Ngram (a Perl module).
I've been thinking for a couple of years about trying to re-create some of the general tools from SR as a Free software project, but haven't ever really taken off with it beyond some preliminary design work.