Memory snapshot dataset of a compromised host with malware using obfuscation evasion techniques

Artigo Acesso aberto Revisado por pares

Memory snapshot dataset of a compromised host with malware using obfuscation evasion techniques

2019; Elsevier BV; Volume: 26; Linguagem: Inglês

10.1016/j.dib.2019.104437

ISSN

2352-3409

Autores

Ibrahim Sadek, Penny Chong, Shafiq Ul Rehman, Yuval Elovici, Alexander Binder,

Tópico(s)

Network Security and Intrusion Detection

Resumo

This article presents a dataset for studying the detection of obfuscated malware in volatile computer memory. Several obfuscated reverse remote shells were generated using Metasploit-Framework, Hyperion, and PEScrambler tools. After compromising the host, Memory snapshots of a Windows 10 virtual machine were acquired using the open-source Rekall's WinPmem acquisition tool. The dataset is complemented by memory snapshots of uncompromised virtual machines. The data includes a reference for all running processes as well as a mapping for the designated malware running inside the memory. The datasets are available in the article, for advancing research towards the detection of obfuscated malware from volatile computer memory during a forensic analysis.

Ver no editor

Altmetric

PlumX

Entrar

Lembrar minha senha

Receber meu e-mail de confirmação

Memory snapshot dataset of a compromised host with malware using obfuscation evasion techniques