Advances and Applications in Discrete Mathematics

The Advances and Applications in Discrete Mathematics is a prestigious peer-reviewed journal indexed in the Emerging Sources Citation Index (ESCI). It is dedicated to publishing original research articles in the field of discrete mathematics and combinatorics, including topics such as graphs, coding theory, and block design. The journal emphasizes efficient and powerful tools for real-world applications and welcomes expository articles that highlight current developments in the field.


A FRAMEWORK TO ANALYZE OS SYSTEMS ARTIFACTS FROM LINUX MACHINES

Authors

  • Ghaida Mubarak
  • Sultan Alasmari

Keywords:

memory forensics, deep learning, Linux, cybersecurity, digital forensics.

DOI:

https://doi.org/10.17654/0974165824040

Abstract

Memory forensics plays a pivotal role in digital investigations, providing crucial insights into the activities and artifacts of an operating system. This paper explores the application of deep learning techniques in the domain of memory forensics within the Linux environment. Linux-based systems are widely used in various contexts, including servers, embedded devices, and desktops, making memory analysis in this ecosystem of paramount importance. Traditional memory forensics techniques have relied on manual analysis, which is often time-consuming and error-prone. Deep learning, a subfield of machine learning, has demonstrated remarkable capabilities in pattern recognition and feature extraction tasks. In response, this paper presents a novel framework that automates and improves memory analysis through deep learning. Key components of this framework include data collection, preprocessing, feature extraction, and model selection. We introduce a unique dataset specifically curated for Linux memory forensics, facilitating the development and evaluation of deep learning models. Our experimental results demonstrate the efficacy of using a ResNet-50 model for detecting and classifying malware from memory dumps, achieving a detection rate of 98.75% and an accuracy rate of 89% in classifying malware types. Additionally, we acknowledge the challenges and limitations of applying deep learning in memory forensics, such as model interpretability and data privacy concerns. Future research directions are discussed, including real-time memory analysis integration and techniques for handling encrypted and compressed memory data.
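The abstract names preprocessing and feature extraction as stages that turn raw memory dumps into inputs for a ResNet-50 classifier, without saying how the dumps are encoded. The following added example (not the authors' code) shows one common way to do that: a variable-length dump is mapped onto a fixed-size grayscale grid a CNN can consume, and a per-window entropy profile is computed as a side feature that helps an analyst spot packed or encrypted regions. The grid size, window size and the sample dump are constructed assumptions.

```python
import math
from collections import Counter

IMAGE_SIDE = 64      # assumed side length of the square grayscale grid
WINDOW_BYTES = 4096  # assumed window for the entropy profile (one page)


def shannon_entropy(chunk: bytes) -> float:
    """Bits of entropy per byte; 0.0 for empty or constant input, 8.0 for uniform."""
    if not chunk:
        return 0.0
    n = len(chunk)
    return -sum((c / n) * math.log2(c / n) for c in Counter(chunk).values())


def dump_to_image(dump: bytes, side: int = IMAGE_SIDE) -> list[list[int]]:
    """Map an arbitrary-length dump onto a side x side grayscale grid.

    Each pixel is the mean byte value of one equal-length slice of the dump,
    so the output shape is fixed regardless of dump size. Dumps shorter than
    side*side bytes are zero-padded so the edge case still yields a full grid.
    """
    total = side * side
    if len(dump) < total:
        dump = dump + b"\x00" * (total - len(dump))
    step = len(dump) / total
    pixels = []
    for i in range(total):
        lo = int(i * step)
        hi = max(int((i + 1) * step), lo + 1)  # every slice holds >= 1 byte
        piece = dump[lo:hi]
        pixels.append(sum(piece) // len(piece))
    return [pixels[r * side:(r + 1) * side] for r in range(side)]


def entropy_profile(dump: bytes, window: int = WINDOW_BYTES) -> list[float]:
    """Entropy of each consecutive window; sustained values near 8 bits/byte
    are the usual hint of compressed or encrypted memory regions."""
    return [shannon_entropy(dump[i:i + window]) for i in range(0, len(dump), window)]


# Constructed sample dump: a zero-filled region followed by a uniform-byte region.
SAMPLE_DUMP = b"\x00" * 2048 + bytes(range(256)) * 8

if __name__ == "__main__":
    img = dump_to_image(SAMPLE_DUMP)
    print(len(img), "x", len(img[0]), "grid; first pixel", img[0][0], "last", img[-1][-1])
    print("entropy per window:", [round(e, 2) for e in entropy_profile(SAMPLE_DUMP, 2048)])
```

The grid can be fed to any image-classification backbone after scaling to the model's expected input size; the entropy profile is useful on its own as a triage feature before any model is involved.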

Received: June 1, 2024
Revised: July 19, 2024
Accepted: July 31, 2024


Published

2024-10-09


How to Cite

A FRAMEWORK TO ANALYZE OS SYSTEMS ARTIFACTS FROM LINUX MACHINES. (2024). Advances and Applications in Discrete Mathematics, 41(8), 603-640. https://doi.org/10.17654/0974165824040
