[Security-meetings] Security Meeting tomorrow
Md Lutfor Rahman
mrahm011 at ucr.edu
Wed Oct 17 10:36:59 PDT 2018
We have a gentle reminder and a little update regarding our group meeting. We
are going to meet at 2 PM at MSE201. Wei Song will present his CCS'18
paper in today's meeting. Hang will present his ongoing project sometime
later. Sorry for the last-minute changes.
The title of his paper is: "DeepMem: Learning Graph Neural Network Models
for Fast and Robust Memory Forensic Analysis".
*ABSTRACT*
Kernel data structure detection is an important task in memory forensics
that aims at identifying semantically important kernel data structures from
raw memory dumps. It is primarily used to collect evidence of malicious or
criminal behaviors. Existing approaches have several limitations: 1)
list-traversal approaches are vulnerable to DKOM attacks, 2) robust
signature-based approaches are not scalable or efficient, because they need
to search the entire memory snapshot for one kind of object using one
signature, and 3) both list-traversal and signature-based approaches
heavily rely on domain knowledge of the operating system. Based on these
limitations, we propose DeepMem, a graph-based deep learning approach to
automatically generate abstract representations for kernel objects, with
which we can recognize the objects from raw memory dumps in a fast and
robust way. Specifically, we implement 1) a novel memory graph model that
reconstructs the content and topology information of memory dumps, 2) a
graph neural network architecture to embed the nodes in the memory graph,
and 3) an object detection method that cross-validates the evidence
collected from different parts of objects. Experiments show that DeepMem
achieves a high precision and recall rate in identifying kernel objects from raw
memory dumps. Also, the detection strategy is fast and scalable by using
the intermediate memory graph representation. Moreover, DeepMem is robust
against attack scenarios, like pool tag manipulation and DKOM process
hiding.
Regards,
Md Lutfor Rahman
Ph.D. Candidate
Department of Computer Science & Engineering
University of California, Riverside
Cell: 205 413 6573
Email: mrahm011 at ucr.edu
Webpage: http://www.cs.ucr.edu/~mrahm011/
On Tue, Oct 16, 2018 at 5:30 PM Md Lutfor Rahman <mrahm011 at ucr.edu> wrote:
> Correction: Hang will be tomorrow's presenter. Sorry for this
> inconvenience.
>
> Regards,
>
> Md Lutfor Rahman
> Ph.D. Candidate
> Department of Computer Science & Engineering
> University of California, Riverside
> Cell: 205 413 6573
> Email: mrahm011 at ucr.edu
> Webpage: http://www.cs.ucr.edu/~mrahm011/
>
>
>
>
>
> On Tue, Oct 16, 2018 at 5:05 PM Md Lutfor Rahman <mrahm011 at ucr.edu> wrote:
>
>> Hi All,
>>
>> This is just a gentle reminder.
>>
>> We have our security group meeting tomorrow from 2-3PM at MSE 201.
>> Pengxiong Zhu will present on the topics "Towards automatic test harness
>> generation for fuzzing".
>>
>>
>> https://docs.google.com/spreadsheets/d/1V4hsBpPkS0AMCe78932ZBVpaendnc3n1cpEZRgfDsJQ/edit#gid=0
>>
>>
>> Regards,
>>
>> Md Lutfor Rahman
>> Ph.D. Candidate
>> Department of Computer Science & Engineering
>> University of California, Riverside
>> Cell: 205 413 6573
>> Email: mrahm011 at ucr.edu
>> Webpage: http://www.cs.ucr.edu/~mrahm011/
>>
>>
>>
>>
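As an added illustration of the abstract's first two limitations (not code from the paper, DeepMem, or this mailing list): a constructed toy memory image holds tagged objects on a circular doubly-linked list; a DKOM-style unlink hides one object from list traversal, while a whole-image signature scan still finds it because the object's bytes remain in memory. The record layout, the `Proc` tag, the base address and the object names are all invented for the example.

```python
import struct

# Constructed toy kernel-object layout (not the real EPROCESS): tag | flink | blink | name
REC = struct.Struct("<4sQQ16s")
TAG, BASE = b"Proc", 0x1000   # constructed pool tag and load address of the image

def build_image(names):
    """Lay out `names` as a circular doubly-linked list of tagged records."""
    addrs = [BASE + i * REC.size for i in range(len(names))]
    img = bytearray()
    for i, name in enumerate(names):
        flink, blink = addrs[(i + 1) % len(names)], addrs[(i - 1) % len(names)]
        img += REC.pack(TAG, flink, blink, name.encode().ljust(16, b"\0"))
    return img, addrs

def relink(img, addr, flink=None, blink=None):
    tag, f, b, name = REC.unpack_from(img, addr - BASE)
    REC.pack_into(img, addr - BASE, tag, flink if flink is not None else f,
                  blink if blink is not None else b, name)

def dkom_unlink(img, addr):
    """Model a DKOM hide: the object stays in memory, only its neighbours' links change."""
    _, flink, blink, _ = REC.unpack_from(img, addr - BASE)
    relink(img, blink, flink=flink)   # predecessor now skips the hidden object
    relink(img, flink, blink=blink)   # successor skips back over it

def walk_list(img, head):
    """List traversal: follow flink from the head until the list wraps around."""
    names, addr = [], head
    while not names or addr != head:
        _, flink, _, name = REC.unpack_from(img, addr - BASE)
        names.append(name.rstrip(b"\0").decode())
        addr = flink
    return names

def scan_signature(img, tag):
    """Signature scan: test every offset for the tag, then sanity-check the pointers."""
    end, found = BASE + len(img), []
    for off in range(len(img) - REC.size + 1):   # cost grows with image size, per tag
        if img[off:off + 4] == tag:
            _, flink, blink, name = REC.unpack_from(img, off)
            if BASE <= flink < end and BASE <= blink < end:
                found.append(name.rstrip(b"\0").decode())
    return found

def demo():
    img, addrs = build_image(["System", "explorer", "backdoor"])
    dkom_unlink(img, addrs[2])                      # hide the third object
    walked, scanned = walk_list(img, addrs[0]), scan_signature(img, TAG)
    return walked, scanned, sorted(set(scanned) - set(walked))
```

The scan's bounds check is the minimal cross-validation that rejects stray tag bytes; overwriting the tag itself (the pool tag manipulation the abstract mentions) would defeat this scan, which is why the paper argues for learned representations instead of one fixed signature.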