GView: A versatile assistant for security researchers
We propose a tool, GView (Generic View), that is tailored to assist the investigation of possible attack vectors by providing guided analysis for a broad range of file types using automatic artifact identification, extraction, inference&coherent correlation, and meaningful&intuitive views at...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Elsevier
2024-12-01
|
| Series: | SoftwareX |
| Subjects: | |
| Online Access: | http://www.sciencedirect.com/science/article/pii/S2352711024003108 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1846150207887114240 |
|---|---|
| author | Raul Zaharia Dragoş Gavriluţ Gheorghiţă Mutu Dorel Lucanu |
| author_facet | Raul Zaharia Dragoş Gavriluţ Gheorghiţă Mutu Dorel Lucanu |
| author_sort | Raul Zaharia |
| collection | DOAJ |
| description | We propose a tool, GView (Generic View), that is tailored to assist the investigation of possible attack vectors by providing guided analysis for a broad range of file types using automatic artifact identification, extraction, inference&coherent correlation, and meaningful&intuitive views at different levels of granularity w.r.t. revealed information. GView simplifies the analysis of every payload in a complex attack, streamlining the workflow for security researchers, and increasing the accuracy of the analysis. The ’generic’ aspect derives from the fact that it accommodates various file types and also features multiple visualization modes (that can be automatically configured for each specific file type). Our results show that the analysis time of an attack is significantly reduced by GView, compared to conventional tools used in forensics. |
| format | Article |
| id | doaj-art-e8e4e616b5904bf3b7cfdae302ed8d06 |
| institution | Kabale University |
| issn | 2352-7110 |
| language | English |
| publishDate | 2024-12-01 |
| publisher | Elsevier |
| record_format | Article |
| series | SoftwareX |
| spelling | doaj-art-e8e4e616b5904bf3b7cfdae302ed8d062024-11-29T06:24:10ZengElsevierSoftwareX2352-71102024-12-0128101940GView: A versatile assistant for security researchersRaul Zaharia0Dragoş Gavriluţ1Gheorghiţă Mutu2Dorel Lucanu3Al. I. Cuza University & Bitdefender, Iaşi, Romania; Corresponding author.Al. I. Cuza University & Bitdefender, Iaşi, RomaniaAl. I. Cuza University & Bitdefender, Iaşi, RomaniaAl. I. Cuza University, Iaşi, RomaniaWe propose a tool, GView (Generic View), that is tailored to assist the investigation of possible attack vectors by providing guided analysis for a broad range of file types using automatic artifact identification, extraction, inference&coherent correlation, and meaningful&intuitive views at different levels of granularity w.r.t. revealed information. GView simplifies the analysis of every payload in a complex attack, streamlining the workflow for security researchers, and increasing the accuracy of the analysis. The ’generic’ aspect derives from the fact that it accommodates various file types and also features multiple visualization modes (that can be automatically configured for each specific file type). Our results show that the analysis time of an attack is significantly reduced by GView, compared to conventional tools used in forensics.http://www.sciencedirect.com/science/article/pii/S2352711024003108CybersecurityAutomatic artifact identificationIntuitive viewsCoherent data correlationMalware analysis |
| spellingShingle | Raul Zaharia Dragoş Gavriluţ Gheorghiţă Mutu Dorel Lucanu GView: A versatile assistant for security researchers SoftwareX Cybersecurity Automatic artifact identification Intuitive views Coherent data correlation Malware analysis |
| title | GView: A versatile assistant for security researchers |
| title_full | GView: A versatile assistant for security researchers |
| title_fullStr | GView: A versatile assistant for security researchers |
| title_full_unstemmed | GView: A versatile assistant for security researchers |
| title_short | GView: A versatile assistant for security researchers |
| title_sort | gview a versatile assistant for security researchers |
| topic | Cybersecurity Automatic artifact identification Intuitive views Coherent data correlation Malware analysis |
| url | http://www.sciencedirect.com/science/article/pii/S2352711024003108 |
| work_keys_str_mv | AT raulzaharia gviewaversatileassistantforsecurityresearchers AT dragosgavrilut gviewaversatileassistantforsecurityresearchers AT gheorghitamutu gviewaversatileassistantforsecurityresearchers AT dorellucanu gviewaversatileassistantforsecurityresearchers |