Malware, viruses and log visualisation

Document Type: Conference Proceeding

School of Computer and Information Science, Edith Cowan University
Faculty of Computing, Health and Science
School of Computer and Information Science / Centre for Security Research




Swanson, I. (2008, March). Malware, Viruses and Log Visualisation. In Australian Digital Forensics Conference (p. 54).


This paper will look at the current state of visualisation in relation mainly to malware collector logs and network logs, and at the possibility of visualising their payloads. We will show that this type of visualisation of activity on the network can help us in the forensic investigation of the traffic, which may contain unwanted pieces of code, and may identify any patterns within the traffic or payloads that might help us determine the nature of the traffic visually. We will further speculate on a framework that could be built to fingerprint any type of malware, based on the theory that the basic structure of malware code does not change: it may mutate, but its internal structure stays the same. The malware would be passed through either a current log visualisation algorithm or a purpose-built piece of visual inspection software, which would output a 3D visual representation of the malware to screen or pass it on for further processing by a multipoint mapping utility, similar to a fingerprint mapper, which would determine the base structure of the malware and categorise it. If we could fingerprint a zero-day virus by recognising it visually, we may then be able to detect it and create an antidote to it much more quickly and efficiently than is currently being done by most antivirus vendors.


