Towards Architecture and OS-Independent Malware Detection via Memory Forensics
- ORNL
In this work, we take a fundamentally different approach to analyzing a device for compromise by malware: our approach is independent of the operating system and the instruction set architecture and relies only on the raw binary data extracted from a memory dump of the device. Our system leverages a multi-hundred-terabyte dataset consisting of compromised host memory dumps extracted from the MalRec dataset [8] and the first known dataset of memory dumps from benign hosts running normal, non-compromised software. After an average of 30 to 45 seconds of pre-processing per memory dump, our system applies both traditional machine learning and deep learning algorithms to achieve an average accuracy of 98% in detecting a compromised host.
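As an added illustration, not code from the paper or from ORNL, the following Python pipeline shows what "OS- and architecture-independent" featurization of a raw dump can look like: a 256-bin byte-value histogram plus a windowed entropy profile, computed over nothing but the raw bytes, fed to a nearest-centroid classifier. The window size, the entropy threshold, the feature set, the classifier and the constructed "dumps" are all assumptions made for this example; the paper's own features, models and data are not described on this page.

```python
import math
import random
from collections import Counter

# Window size for the per-region entropy profile: an assumption for this
# example, not a value taken from the paper.
WINDOW = 4096
HIGH_ENTROPY = 7.5  # bits/byte; near-uniform data such as packed or encrypted code


def byte_histogram(data: bytes) -> list:
    """Normalized 256-bin histogram of byte values.

    Reads raw bytes only, so it needs nothing from the OS (page tables,
    process lists) or from the CPU architecture that produced the dump.
    """
    counts = Counter(data)
    n = len(data) or 1
    return [counts.get(v, 0) / n for v in range(256)]


def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy of one window in bits per byte (0.0 .. 8.0)."""
    n = len(chunk)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(chunk).values())


def entropy_profile(data: bytes, window: int = WINDOW) -> list:
    """Mean and max window entropy plus the fraction of high-entropy windows,
    all scaled into [0, 1] so they share a scale with the histogram bins."""
    ents = [shannon_entropy(data[i:i + window]) for i in range(0, len(data), window)]
    if not ents:
        return [0.0, 0.0, 0.0]
    high = sum(1 for e in ents if e > HIGH_ENTROPY) / len(ents)
    return [sum(ents) / len(ents) / 8.0, max(ents) / 8.0, high]


def features(data: bytes) -> list:
    """Fixed-length feature vector (256 + 3 values) for one raw memory image."""
    return byte_histogram(data) + entropy_profile(data)


class NearestCentroid:
    """Smallest useful classifier: predict the class whose mean vector is nearest."""

    def __init__(self):
        self.centroids = {}

    def fit(self, vectors, labels):
        groups = {}
        for vec, label in zip(vectors, labels):
            groups.setdefault(label, []).append(vec)
        for label, rows in groups.items():
            self.centroids[label] = [sum(col) / len(rows) for col in zip(*rows)]
        return self

    def predict(self, vec):
        return min(self.centroids, key=lambda lab: math.dist(vec, self.centroids[lab]))


# --- constructed sample "dumps" (synthetic, not real memory images) -----------
TEXT = b"abcdefghijklmnopqrstuvwxyz \n"


def make_benign_image(rng, pages=16) -> bytes:
    """Benign stand-in: text pages, zero pages and little-endian pointer tables
    whose high bytes are shared, so every window stays well below 8 bits/byte."""
    out = bytearray()
    for _ in range(pages):
        kind = rng.choice(("text", "zero", "ptr"))
        if kind == "text":
            out += bytes(rng.choice(TEXT) for _ in range(WINDOW))
        elif kind == "zero":
            out += bytes(WINDOW)
        else:
            base = 0x7FFF_0000_0000
            out += b"".join((base + rng.randrange(1 << 20)).to_bytes(8, "little")
                            for _ in range(WINDOW // 8))
    return bytes(out)


def make_compromised_image(rng, pages=16) -> bytes:
    """Compromised stand-in: a benign image with a two-window region overwritten
    by uniform random bytes, mimicking an injected packed/encrypted payload."""
    img = bytearray(make_benign_image(rng, pages))
    start = rng.randrange(0, len(img) - 2 * WINDOW)
    img[start:start + 2 * WINDOW] = bytes(rng.getrandbits(8) for _ in range(2 * WINDOW))
    return bytes(img)


def run_experiment(seed=1, n_train=60, n_test=40) -> float:
    """Train on n_train constructed images, return accuracy on n_test fresh ones."""
    rng = random.Random(seed)

    def batch(n):
        xs, ys = [], []
        for i in range(n):
            label = "compromised" if i % 2 else "benign"
            maker = make_compromised_image if label == "compromised" else make_benign_image
            xs.append(features(maker(rng)))
            ys.append(label)
        return xs, ys

    train_x, train_y = batch(n_train)
    model = NearestCentroid().fit(train_x, train_y)
    test_x, test_y = batch(n_test)
    hits = sum(model.predict(x) == y for x, y in zip(test_x, test_y))
    return hits / n_test


if __name__ == "__main__":
    print(f"held-out accuracy: {run_experiment():.2f}")
```

Two practical caveats this toy hides. A real dump is gigabytes, not 64 KB, which is where a per-dump pre-processing budget of tens of seconds comes from; the featurizer would stream the file window by window rather than load it. And high entropy on its own is not evidence of compromise: compressed browser caches, TLS buffers and disk-encryption keys are all near 8 bits/byte on a clean host, which is exactly why a benign baseline corpus such as the one the abstract describes is needed before any classifier can be trusted.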
- Research Organization:
- Oak Ridge National Laboratory (ORNL), Oak Ridge, TN (United States)
- Sponsoring Organization:
- USDOE
- DOE Contract Number:
- AC05-00OR22725
- OSTI ID:
- 1486945
- Resource Relation:
- Conference: ACM SIGSAC Conference on Computer and Communications Security (CCS 2018), Toronto, Canada, October 15-19, 2018
- Country of Publication:
- United States
- Language:
- English
References
- Malware images (conference, July 2011)
- CNN Model to Classify Malware Using Image Feature (journal, May 2018)
- DeepMem (conference, October 2018)
- R2-D2: ColoR-inspired Convolutional NeuRal Network (CNN)-based AndroiD Malware Detections (conference, December 2018)
- Demo (conference, October 2017)