@incollection{wagner_visual_2017, title = {Visual {Analytics}: {Foundations} and {Experiences} in {Malware} {Analysis}}, isbn = {978-1-4987-7641-7}, abstract = {This chapter starts by providing some background in behavior-based malware analysis. Subsequently, it introduces VA and its main components based on the knowledge generation model for VA (Sacha et al., 2014). Then, it demonstrates the applicability of VA in in this subfield of software security with three projects that illustrate practical experience of VA methods: MalwareVis (Zhuo et al., 2012) supports network forensics and malware analysis by visually assessing TCP and DNS network streams. SEEM (Gove et al., 2014) allows visual comparison of multiple large attribute sets of malware samples, thereby enabling bulk classification. KAMAS (Wagner et al. 2017) is a knowledge-assisted visualization system for behavior-based malware forensics enabled by API calls and system call traces. Future directions in visual analytics for malware analysis conclude the chapter.}, booktitle = {Empirical {Research} for {Software} {Security}: {Foundations} and {Experience}}, publisher = {CRC/Taylor and Francis}, author = {Wagner, Markus and Sacha, Dominik and Rind, Alexander and Fischer, Fabian and Luh, Robert and Schrittwieser, Sebastian and Keim, Daniel A and Aigner, Wolfgang}, editor = {Othmane, Lotfi Ben and Jaatun, Martin Gilje and Weippl, Edgar}, year = {2017}, note = {Projekt: KAVA-Time}, keywords = {FH SP Cyber Security, FH SP Data Analytics \& Visual Computing, Forschungsgruppe Digital Technologies, Forschungsgruppe Media Computing, Institut für Creative Media Technologies, Publikationstyp Schriftpublikation, Visual Computing, Visual analytics, Wiss. Beitrag, best, best-lbwagnerm, data, interaction, knowledge generation, malware analysis, model, peer-reviewed, visualization}, pages = {139--171}, }