Fig 2 - uploaded by Shafiq Ul Rehman
An example of a list of processes for a memory dump.

Source publication
Article
This article presents a dataset for studying the detection of obfuscated malware in volatile computer memory. Several obfuscated reverse remote shells were generated using Metasploit-Framework, Hyperion, and PEScrambler tools. After compromising the host, memory snapshots of a Windows 10 virtual machine were acquired using the open-source Rekall's...

Context in source publication

Context 1
... Following the decompression process, we extracted a list of all processes ("pslist") for every image file as well as the memory map ("memmap") for the employed payload (Figs. 2 and 3). This information acts as labels to train the machine learning algorithm. ...

Citations

... The dataset can be represented as RGB images and has the advantage that computer vision methods are compatible with the dataset. Sadek et al. created a dataset compromising Windows 10 VMs [16]. The authors deliberately infected Windows 10 VMs and collected ten snapshots of the VM once the malicious payload was running. ...
Preprint
Digital forensics is the process of extracting, preserving, and documenting evidence in digital devices. A commonly used method in digital forensics is to extract data from the main memory of a digital device. However, the main challenge is identifying the important data to be extracted. Several pieces of crucial information reside in the main memory, like usernames, passwords, and cryptographic keys such as SSH session keys. In this paper, we propose SmartKex, a machine-learning assisted method to extract session keys from heap memory snapshots of an OpenSSH process. In addition, we release an openly available dataset and the corresponding toolchain for creating additional data. Finally, we compare SmartKex with naive brute-force methods and empirically show that SmartKex can extract the session keys with high accuracy and high throughput. With the provided resources, we intend to strengthen the research on the intersection between digital forensics, cybersecurity, and machine learning.
... This can be done using a specifically designed dataset to test how well a detection system deals with obfuscated malware. (Sadek et al., 2019) challenged detection methods by using a large dataset that consists of positive and negative memory snapshots, advanced payload systems, and malware obfuscation. (Bozkir et al., 2021) have come up with a novel approach that uses an RGB image to show memory dump files in their malware detection system. ...