Keywords and phrases: memory forensics, deep learning, Linux, cybersecurity, digital forensics.
Received: June 1, 2024; Revised: July 19, 2024; Accepted: July 31, 2024; Published: October 9, 2024
How to cite this article: Ghaida Mubarak and Sultan Alasmari, A framework to analyze OS systems artifacts from Linux machines, Advances and Applications in Discrete Mathematics 41(8) (2024), 603-640. https://doi.org/10.17654/0974165824040
This Open Access Article is Licensed under Creative Commons Attribution 4.0 International License