A SOM Based Malware Visualization System Using Resource Access Filter of Virtual Machine
Modern operating systems such as Windows have become so sophisticated that their behavior is too complicated for a human being to process. In addition, malware (malicious software) is now a serious problem because it is difficult to detect in a complex operating system environment. In this paper, the authors propose a malware visualization system using a self-organizing map, which can simplify the complicated behavior of a compromised Windows OS. In the proposed system, the Windows OS is virtualized and observed from a hypervisor running outside the virtual machine, and an inter-VM communication channel is constructed between the virtualized Windows OS and the hypervisor. They present how to transfer the access log of the virtualized Windows OS and process it with unsupervised learning algorithms.