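% Wagner et al., VizSec 2014 (Eleventh Workshop on Visualization for Cyber Security):
% problem characterization and abstraction for visual analytics in behavior-based
% malware pattern analysis, based on a literature study, a focus group and
% interviews with 10 malware analysts.
%
% Review notes:
%  - pages is normalised to a double-hyphen range without spaces (9--16).
%  - doi holds a shortDOI alias, not the full prefix/suffix DOI; swap in the full
%    DOI once it has been verified against the publisher record.
%  - address = Paris looks like the workshop venue, not the publisher's city;
%    confirm before relying on it for the publisher location.
%  - keywords and note contain non-ASCII characters and German tags; use a
%    UTF-8 aware backend (e.g. Biber) or escape them for classic BibTeX.
@inproceedings{wagner_problem_2014,
  author    = {Wagner, Markus and Aigner, Wolfgang and Rind, Alexander and Dornhackl, Hermann and Kadletz, Konstantin and Luh, Robert and Tavolato, Paul},
  editor    = {Harrison, Lane},
  title     = {Problem {Characterization} and {Abstraction} for {Visual} {Analytics} in {Behavior}-{Based} {Malware} {Pattern} {Analysis}},
  booktitle = {Proceedings of the {Eleventh} {Workshop} on {Visualization} for {Cyber} {Security}},
  publisher = {ACM},
  address   = {Paris},
  month     = nov,
  year      = {2014},
  pages     = {9--16},
  doi       = {10/cv8p},
  url       = {https://ifs.tuwien.ac.at/~rind/preprint/wagner_2014_VizSec_problem.pdf},
  abstract  = {Behavior-based analysis of emerging malware families involves finding suspicious patterns in large collections of execution traces. This activity cannot be automated for previously unknown malware families and thus malware analysts would benefit greatly from integrating visual analytics methods in their process. However existing approaches are limited to fairly static representations of data and there is no systematic characterization and abstraction of this problem domain. Therefore we performed a systematic literature study, conducted a focus group as well as semi-structured interviews with 10 malware analysts to elicit a problem abstraction along the lines of data, users, and tasks. The requirements emerging from this work can serve as basis for future design proposals to visual analytics-supported malware pattern analysis.},
  note      = {Projekt: TARGET Projekt: KAVA-Time},
  keywords  = {2014, Creative Industries, Department Technologie, FH SP Cyber Security, Forschungsgruppe Digital Technologies, Forschungsgruppe Media Computing, Forschungsgruppe Secure Societies, Institut für Creative Media Technologies, Institut für IT Sicherheitsforschung, KAVA-Time, Publikationstyp Präsentation, Publikationstyp Schriftpublikation, Visual analytics, best, best-lbwagnerm, evaluation, malicious software, malware analysis, peer-reviewed, problem characterization and abstraction, user centered design, visualization},
}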