{"id":"https://openalex.org/W2916021615","doi":"https://doi.org/10.1109/vizsec.2018.8709230","title":"Eventpad: Rapid Malware Analysis and Reverse Engineering using Visual Analytics","display_name":"Eventpad: Rapid Malware Analysis and Reverse Engineering using Visual Analytics","publication_year":2018,"publication_date":"2018-10-01","ids":{"openalex":"https://openalex.org/W2916021615","doi":"https://doi.org/10.1109/vizsec.2018.8709230","mag":"2916021615"},"language":"en","primary_location":{"id":"doi:10.1109/vizsec.2018.8709230","is_oa":false,"landing_page_url":"https://doi.org/10.1109/vizsec.2018.8709230","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2018 IEEE Symposium on Visualization for Cyber Security (VizSec)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://research.tue.nl/en/publications/0ef5a000-9e13-419f-8428-22387eabdb1d","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5013797659","display_name":"Bram C.M. Cappers","orcid":"https://orcid.org/0009-0003-4568-5568"},"institutions":[{"id":"https://openalex.org/I83019370","display_name":"Eindhoven University of Technology","ror":"https://ror.org/02c2kyt77","country_code":"NL","type":"education","lineage":["https://openalex.org/I83019370"]}],"countries":["NL"],"is_corresponding":true,"raw_author_name":"Bram C.M. Cappers","raw_affiliation_strings":["Eindhoven University of Technology"],"affiliations":[{"raw_affiliation_string":"Eindhoven University of Technology","institution_ids":["https://openalex.org/I83019370"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5019364068","display_name":"Paulus Meessen","orcid":"https://orcid.org/0009-0003-0683-9042"},"institutions":[{"id":"https://openalex.org/I145872427","display_name":"Radboud University Nijmegen","ror":"https://ror.org/016xsfp80","country_code":"NL","type":"education","lineage":["https://openalex.org/I145872427"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Paulus N. Meessen","raw_affiliation_strings":["Radboud Universiteit Nijmegen"],"affiliations":[{"raw_affiliation_string":"Radboud Universiteit Nijmegen","institution_ids":["https://openalex.org/I145872427"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052389888","display_name":"Sandro Etalle","orcid":null},"institutions":[{"id":"https://openalex.org/I83019370","display_name":"Eindhoven University of Technology","ror":"https://ror.org/02c2kyt77","country_code":"NL","type":"education","lineage":["https://openalex.org/I83019370"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Sandro Etalle","raw_affiliation_strings":["Eindhoven University of Technology"],"affiliations":[{"raw_affiliation_string":"Eindhoven University of Technology","institution_ids":["https://openalex.org/I83019370"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5051025031","display_name":"Jarke J. van Wijk","orcid":"https://orcid.org/0000-0002-5128-976X"},"institutions":[{"id":"https://openalex.org/I83019370","display_name":"Eindhoven University of Technology","ror":"https://ror.org/02c2kyt77","country_code":"NL","type":"education","lineage":["https://openalex.org/I83019370"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Jarke J. van Wijk","raw_affiliation_strings":["Eindhoven University of Technology"],"affiliations":[{"raw_affiliation_string":"Eindhoven University of Technology","institution_ids":["https://openalex.org/I83019370"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5013797659"],"corresponding_institution_ids":["https://openalex.org/I83019370"],"apc_list":null,"apc_paid":null,"fwci":1.8061,"has_fulltext":true,"cited_by_count":36,"citation_normalized_percentile":{"value":0.89619525,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":95,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"8"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10799","display_name":"Data Visualization and Analytics","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10799","display_name":"Data Visualization and Analytics","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9922000169754028,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9915000200271606,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8130406141281128},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.7803450226783752},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7759649753570557},{"id":"https://openalex.org/keywords/visualization","display_name":"Visualization","score":0.7342332601547241},{"id":"https://openalex.org/keywords/ransomware","display_name":"Ransomware","score":0.7139918804168701},{"id":"https://openalex.org/keywords/analytics","display_name":"Analytics","score":0.674205482006073},{"id":"https://openalex.org/keywords/visual-analytics","display_name":"Visual analytics","score":0.6050853133201599},{"id":"https://openalex.org/keywords/data-visualization","display_name":"Data visualization","score":0.5660492181777954},{"id":"https://openalex.org/keywords/network-forensics","display_name":"Network forensics","score":0.5489679574966431},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.5273783206939697},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5157206654548645},{"id":"https://openalex.org/keywords/traffic-analysis","display_name":"Traffic analysis","score":0.48626458644866943},{"id":"https://openalex.org/keywords/creative-visualization","display_name":"Creative visualization","score":0.45702454447746277},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.44794607162475586},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.35322949290275574},{"id":"https://openalex.org/keywords/digital-forensics","display_name":"Digital forensics","score":0.2607074975967407}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8130406141281128},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.7803450226783752},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7759649753570557},{"id":"https://openalex.org/C36464697","wikidata":"https://www.wikidata.org/wiki/Q451553","display_name":"Visualization","level":2,"score":0.7342332601547241},{"id":"https://openalex.org/C2777667771","wikidata":"https://www.wikidata.org/wiki/Q926331","display_name":"Ransomware","level":3,"score":0.7139918804168701},{"id":"https://openalex.org/C79158427","wikidata":"https://www.wikidata.org/wiki/Q485396","display_name":"Analytics","level":2,"score":0.674205482006073},{"id":"https://openalex.org/C59732488","wikidata":"https://www.wikidata.org/wiki/Q2528440","display_name":"Visual analytics","level":3,"score":0.6050853133201599},{"id":"https://openalex.org/C172367668","wikidata":"https://www.wikidata.org/wiki/Q6504956","display_name":"Data visualization","level":3,"score":0.5660492181777954},{"id":"https://openalex.org/C50747538","wikidata":"https://www.wikidata.org/wiki/Q7001032","display_name":"Network forensics","level":3,"score":0.5489679574966431},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.5273783206939697},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5157206654548645},{"id":"https://openalex.org/C2781317605","wikidata":"https://www.wikidata.org/wiki/Q7832483","display_name":"Traffic analysis","level":2,"score":0.48626458644866943},{"id":"https://openalex.org/C14669888","wikidata":"https://www.wikidata.org/wiki/Q4014850","display_name":"Creative visualization","level":3,"score":0.45702454447746277},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.44794607162475586},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.35322949290275574},{"id":"https://openalex.org/C84418412","wikidata":"https://www.wikidata.org/wiki/Q3246940","display_name":"Digital forensics","level":2,"score":0.2607074975967407},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":6,"locations":[{"id":"doi:10.1109/vizsec.2018.8709230","is_oa":false,"landing_page_url":"https://doi.org/10.1109/vizsec.2018.8709230","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2018 IEEE Symposium on Visualization for Cyber Security (VizSec)","raw_type":"proceedings-article"},{"id":"pmh:oai:pure.tue.nl:openaire/0ef5a000-9e13-419f-8428-22387eabdb1d","is_oa":true,"landing_page_url":"https://research.tue.nl/en/publications/0ef5a000-9e13-419f-8428-22387eabdb1d","pdf_url":null,"source":{"id":"https://openalex.org/S4406922641","display_name":"TU/e Research Portal","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cappers, B C M, Meessen, P N, Etalle, S & Van Wijk, J J 2019, Eventpad : Rapid malware analysis and reverse engineering using visual analytics. in S Trent, J Kohlhammer, G Sauer, R Gove, D Best, C L Paul, N Prigent & D Staheli (eds), 2018 IEEE Symposium on Visualization for Cyber Security, VizSec 2018., 8709230, Institute of Electrical and Electronics Engineers, 2018 IEEE Symposium on Visualization for Cyber Security, VizSec 2018, Berlin, Germany, 22/10/18. https://doi.org/10.1109/VIZSEC.2018.8709230","raw_type":"info:eu-repo/semantics/publishedVersion"},{"id":"pmh:oai:pure.tue.nl:publications/0ef5a000-9e13-419f-8428-22387eabdb1d","is_oa":true,"landing_page_url":"http://www.scopus.com/inward/record.url?scp=85066414322&partnerID=8YFLogxK","pdf_url":"https://pure.tue.nl/ws/files/113783682/Eventpad_Rapid_Malware_Analysis_and_Reverse_Engineering_using_Visual_Analytics.pdf","source":{"id":"https://openalex.org/S4406922641","display_name":"TU/e Research Portal","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Cappers, B C M, Meessen, P N, Etalle, S & Van Wijk, J J 2019, Eventpad : Rapid malware analysis and reverse engineering using visual analytics. in S Trent, J Kohlhammer, G Sauer, R Gove, D Best, C L Paul, N Prigent & D Staheli (eds), 2018 IEEE Symposium on Visualization for Cyber Security, VizSec 2018., 8709230, Institute of Electrical and Electronics Engineers, 2018 IEEE Symposium on Visualization for Cyber Security, VizSec 2018, Berlin, Germany, 22/10/18. https://doi.org/10.1109/VIZSEC.2018.8709230","raw_type":"info:eu-repo/semantics/publishedVersion"},{"id":"pmh:tue:oai:pure.tue.nl:publications/0ef5a000-9e13-419f-8428-22387eabdb1d","is_oa":true,"landing_page_url":"https://research.tue.nl/nl/publications/0ef5a000-9e13-419f-8428-22387eabdb1d","pdf_url":"https://research.tue.nl/nl/publications/0ef5a000-9e13-419f-8428-22387eabdb1d","source":{"id":"https://openalex.org/S4306401843","display_name":"Data Archiving and Networked Services (DANS)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1322597698","host_organization_name":"Royal Netherlands Academy of Arts and Sciences","host_organization_lineage":["https://openalex.org/I1322597698"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"2018 IEEE Symposium on Visualization for Cyber Security, VizSec 2018","raw_type":"info:eu-repo/semantics/conferencepaper"},{"id":"pmh:907657","is_oa":false,"landing_page_url":"http://library.tue.nl/csp/dare/LinkToRepository.csp?recordnumber=907657","pdf_url":null,"source":{"id":"https://openalex.org/S4406923046","display_name":"TU/e Research Portal (Eindhoven University of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":""},{"id":"pmh:oai:library.tue.nl:907657","is_oa":false,"landing_page_url":"http://repository.tue.nl/907657","pdf_url":null,"source":{"id":"https://openalex.org/S4406923046","display_name":"TU/e Research Portal (Eindhoven University of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":""}],"best_oa_location":{"id":"pmh:oai:pure.tue.nl:openaire/0ef5a000-9e13-419f-8428-22387eabdb1d","is_oa":true,"landing_page_url":"https://research.tue.nl/en/publications/0ef5a000-9e13-419f-8428-22387eabdb1d","pdf_url":null,"source":{"id":"https://openalex.org/S4406922641","display_name":"TU/e Research Portal","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cappers, B C M, Meessen, P N, Etalle, S & Van Wijk, J J 2019, Eventpad : Rapid malware analysis and reverse engineering using visual analytics. in S Trent, J Kohlhammer, G Sauer, R Gove, D Best, C L Paul, N Prigent & D Staheli (eds), 2018 IEEE Symposium on Visualization for Cyber Security, VizSec 2018., 8709230, Institute of Electrical and Electronics Engineers, 2018 IEEE Symposium on Visualization for Cyber Security, VizSec 2018, Berlin, Germany, 22/10/18. https://doi.org/10.1109/VIZSEC.2018.8709230","raw_type":"info:eu-repo/semantics/publishedVersion"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/8","display_name":"Decent work and economic growth","score":0.6200000047683716}],"awards":[{"id":"https://openalex.org/G629491556","display_name":null,"funder_award_id":"(NWO)","funder_id":"https://openalex.org/F4320321800","funder_display_name":"Nederlandse Organisatie voor Wetenschappelijk Onderzoek"}],"funders":[{"id":"https://openalex.org/F4320321800","display_name":"Nederlandse Organisatie voor Wetenschappelijk Onderzoek","ror":"https://ror.org/04jsz6e67"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":32,"referenced_works":["https://openalex.org/W139044672","https://openalex.org/W172558989","https://openalex.org/W1486461328","https://openalex.org/W1590123802","https://openalex.org/W1653505105","https://openalex.org/W1943462367","https://openalex.org/W1984233424","https://openalex.org/W1999065800","https://openalex.org/W2004092699","https://openalex.org/W2010065958","https://openalex.org/W2011493390","https://openalex.org/W2056127986","https://openalex.org/W2132068130","https://openalex.org/W2142493242","https://openalex.org/W2153463096","https://openalex.org/W2156350103","https://openalex.org/W2161133721","https://openalex.org/W2164816439","https://openalex.org/W2216444195","https://openalex.org/W2550670348","https://openalex.org/W2583683552","https://openalex.org/W2611745632","https://openalex.org/W2742517765","https://openalex.org/W2750661846","https://openalex.org/W2762390651","https://openalex.org/W2891376196","https://openalex.org/W4241024087","https://openalex.org/W6605683200","https://openalex.org/W6629194809","https://openalex.org/W6684462498","https://openalex.org/W6688716199","https://openalex.org/W6754353901"],"related_works":["https://openalex.org/W2801605877","https://openalex.org/W2400976661","https://openalex.org/W2013467770","https://openalex.org/W3012440071","https://openalex.org/W2112083262","https://openalex.org/W2181693928","https://openalex.org/W2134678736","https://openalex.org/W2216444195","https://openalex.org/W2193094929","https://openalex.org/W2916021615"],"abstract_inverted_index":{"Forensic":[0],"analysis":[1,129],"of":[2,18,23,76,101,111,130,142],"malware":[3,40,92],"activity":[4,93],"in":[5,29,61,65,78,127],"network":[6,66],"environments":[7],"is":[8,121],"a":[9,30,46,108],"necessary":[10],"yet":[11],"very":[12,31],"costly":[13],"and":[14,54,95,117,136,152],"time":[15],"consuming":[16],"part":[17],"incident":[19],"response.":[20],"Vast":[21],"amounts":[22],"data":[24,52,147],"need":[25],"to":[26,84,123],"be":[27],"screened,":[28],"labor-intensive":[32],"process,":[33],"looking":[34],"for":[35],"signs":[36],"indicating":[37],"how":[38,87,119],"the":[39,74,99,102,112,128,140,143],"at":[41],"hand":[42],"behaves":[43],"inside":[44],"e.g.,":[45],"corporate":[47],"network.":[48],"We":[49,71,138],"believe":[50],"that":[51,73],"reduction":[53],"visualization":[55],"techniques":[56],"can":[57,81],"assist":[58],"security":[59],"analysts":[60],"studying":[62],"behavioral":[63],"patterns":[64,77],"traffic":[67,80,132,151],"samples":[68],"(e.g.,":[69],"PCAP).":[70],"argue":[72],"discovery":[75],"this":[79,104],"help":[82],"us":[83],"quickly":[85],"understand":[86],"intrusive":[88],"behavior":[89],"such":[90],"as":[91],"unfolds":[94],"distinguishes":[96],"itself":[97],"from":[98],"rest":[100],"traffic.In":[103],"paper":[105],"we":[106],"present":[107],"case":[109],"study":[110],"visual":[113],"analytics":[114],"tool":[115,144],"EventPad":[116],"illustrate":[118],"it":[120],"used":[122],"gain":[124],"quick":[125],"insights":[126],"PCAP":[131],"using":[133],"rules,":[134],"aggregations,":[135],"selections.":[137],"show":[139],"effectiveness":[141],"on":[145],"real-world":[146],"sets":[148],"involving":[149],"office":[150],"ransomware":[153],"activity.":[154]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":8},{"year":2021,"cited_by_count":7},{"year":2020,"cited_by_count":7},{"year":2019,"cited_by_count":3}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}