Detecting malware communities using socio-cultural cognitive mapping
Computational and Mathematical Organization Theory (IF 1.8), Pub Date: 2020-01-02, DOI: 10.1007/s10588-019-09300-w
Iain Cruickshank, Anthony Johnson, Timothy Davison, Matthew Elder, Kathleen M. Carley

We apply a variation of socio-cultural cognitive mapping (SCM) to computer malware features explored previously by Saxe and Berlin that characterized malware binaries as benign or malicious based on 1024 program features derived from a deep neural network-based detection system. In this work, we model the features as attributes within a latent spatial domain using a weighted consensus graph representation to visualize and analyze the malware binary communities. The data used in our analysis is extracted from a Remote Access Trojan family named Sakula that first appeared in 2012, and has been used to enable an adversary to run interactive commands and execute remote program functions. Our results show that by SCM we were able to identify distinct malware communities within the malware family, which revealed insights into the overall structure of the various binaries as well as possible temporal relationships between the binaries.




Updated: 2020-04-18