Towards Architecture and OS-Independent Malware Detection via Memory Forensics

Petrik, Rachel L.; Arik, Berat E.; Smith, Jared

doi:10.1145/3243734.3278527

Title: Towards Architecture and OS-Independent Malware Detection via Memory Forensics

Conference · Mon Oct 01 00:00:00 EDT 2018

DOI:https://doi.org/10.1145/3243734.3278527· OSTI ID:1486945

Petrik, Rachel L. ^[1];

^[1];

^[1]

ORNL

In this work, we take a fundamentally different approach to the problem of analyzing a device for compromises via malware; our approach is OS and instruction architecture independent and relies only on having the raw binary data extracted from the memory dump of a device. Our system leverages a multi-hundred TB dataset of both compromised host memory dumps extracted from the MalRec dataset [8] and the first known dataset of benign host memory dumps running normal, non-compromised software. After an average of 30 to 45 seconds of pre-processing on a single memory dump, our system leverages both traditional machine learning and deep learning algorithms to achieve an average of 98% accuracy of detecting a compromised host.

View Conference

Cite

Export

Save

Research Organization:: Oak Ridge National Laboratory (ORNL), Oak Ridge, TN (United States)

Sponsoring Organization:: USDOE

DOE Contract Number:: AC05-00OR22725

OSTI ID:: 1486945

Resource Relation:: Conference: ACM SIGSAC Conference on Computer and Communications Security (CCS 2018) - Toronto, , Canada - 10/15/2018 12:00:00 PM-10/19/2018 12:00:00 PM

Country of Publication:: United States

Language:: English

References (5)

Malware images Nataraj, L.; Karthikeyan, S.; Jacob, G. Proceedings of the 8th International Symposium on Visualization for Cyber Security https://doi.org/10.1145/2016904.2016908	conference	July 2011
CNN Model to Classify Malware Using Image Feature Kamundala, Espoir K.; Kim, Chang Hoon KIISE Transactions on Computing Practices, Vol. 24, Issue 5 https://doi.org/10.5626/KTCP.2018.24.5.256	journal	May 2018
DeepMem Song, Wei; Yin, Heng; Liu, Chang Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security https://doi.org/10.1145/3243734.3243813	conference	October 2018
R2-D2: ColoR-inspired Convolutional NeuRal Network (CNN)-based AndroiD Malware Detections Huang, TonTon Hsien-De; Kao, Hung-Yu 2018 IEEE International Conference on Big Data (Big Data) https://doi.org/10.1109/BigData.2018.8622324	conference	December 2018
Demo Smith, Jared M.; Greenlee, Elliot; Ferber, Aaron Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security https://doi.org/10.1145/3133956.3138854	conference	October 2017

Similar Records

Independent malware detection architecture

Patent · Tue Apr 04 00:00:00 EDT 2023 · OSTI ID:1486945

Smith, Jared M.; Petrik, Rachel L.; Arik, Berat E.

The Evolution of Volatile Memory Forensics

Journal Article · Wed Jul 20 00:00:00 EDT 2022 · Journal of Cybersecurity and Privacy · OSTI ID:1486945

Nyholm, Hannah; Monteith, Kristine; Lyles, Seth; +4 more

Malware forensics on mobile devices for DOE-EM applications - 15708

Conference · Wed Jul 01 00:00:00 EDT 2015 · OSTI ID:1486945

De La Rosa, Andrew

Title: Towards Architecture and OS-Independent Malware Detection via Memory Forensics

Citation Formats

References (5)

Similar Records

Related Subjects