
Towards Architecture and OS-Independent Malware Detection via Memory Forensics...

by Rachel L Petrik, Berat E Arik, Jared M Smith
Publication Type
Conference Paper
Journal Name
Proceedings of the ACM Conference on Computer and Communications Security
Page Numbers
2267 to 2269
Volume
25
Conference Name
ACM SIGSAC Conference on Computer and Communications Security (CCS 2018)
Conference Location
Toronto, Canada
Conference Sponsor
ACM

In this work, we take a fundamentally different approach to the problem of analyzing a device for compromise by malware: our approach is independent of both the operating system and the instruction-set architecture, and relies only on the raw binary data extracted from a memory dump of the device. Our system leverages a multi-hundred-TB dataset consisting of compromised host memory dumps extracted from the MalRec dataset [8] and the first known dataset of benign host memory dumps taken from hosts running normal, non-compromised software. After an average of 30 to 45 seconds of pre-processing per memory dump, our system applies both traditional machine learning and deep learning algorithms to achieve an average accuracy of 98% in detecting a compromised host.