Software Engineering Institute

Malfaces from the Software Engineering Institute is a two-tool process that visualizes similarities between malware input files. The first tool uses binary code comparison techniques and a transform function to determine which input files match. Then, using statistical analysis, the second tool draws Chernoff faces for each file and delivers an estimate of how many unique programs are in the input files set. Together, these tools reduce file analysis to a differential analysis task—saving time and money in reverse engineering after a cyber incident. You can find more on the Malfaces concept in “This Malware Looks Familiar: Laymen Identify Malware Run-time Similarity with Chernoff faces and Stick Figures” at http://eudl.eu/doi/10.4108/eai.22-3-2....

For more information, write to info@sei.cmu.edu.