Malware Analysis and Detection Pipeline (MAPD)


Project status: Under Development


Overview / Usage

Malware is becoming stealthier and more complex, and thus more difficult to find and analyze. In response, different memory forensic and analysis tools and their plugins have been developed. These, however, generate large amounts of data to be analyzed, which in turn increases the chance of human error during analysis. Because analyzing memory images for forensic evidence is difficult, and potentially crucial information can be missed, we have constructed a pipeline for the creation, processing, analysis and classification of memory images. First, memory images are created by taking a snapshot of a virtual machine. Then, different features are extracted using memory forensic tools. The data is then pre-processed, and finally analyzed and classified using machine learning algorithms.

Methodology / Approach

MAPD consists of four main parts, each having a distinct objective, and each feeding into the next.

1. Data extraction: a script calls different Volatility plugins:
   Psxview
   APIhook
   Msg hook
   Event hook
   DLList
   Malfind

2. Feature-set extraction from the plugin output.

3. Pre-processing of the data:
   Features are combined in a single file with a specific format.
   Field values are converted into binary numbers.

4. Malware detection: using decision trees and neural networks.
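As an added illustration of the extraction and pre-processing steps above (this is example code, not code from the MAPD repository), the following Python takes constructed Volatility 2 psxview and malfind text output, merges the per-process fields into one row each, encodes every field as 0/1, and emits the single CSV that the classifier stage would consume. The exact column layout and the derived malfind_hit feature are assumptions, not the project's own format.

```python
# Constructed sample of Volatility 2 `psxview` output (not a real capture).
PSXVIEW_OUTPUT = """\
Offset(P)  Name                    PID pslist psscan thrdproc pspcid csrss session deskthrd
0x0a3b4c50 explorer.exe           1456 True   True   True     True   True  True    True
0x0a7f0d88 svchost.exe            2288 False  True   True     True   True  True    True
"""
# Constructed sample of Volatility 2 `malfind` output: one injected region in PID 2288.
MALFIND_OUTPUT = """\
Process: svchost.exe Pid: 2288 Address: 0x1f0000
"""
PSXVIEW_SOURCES = ["pslist", "psscan", "thrdproc", "pspcid", "csrss", "session", "deskthrd"]
def parse_psxview(text):
    """Return {pid: {"name": ..., "pslist": bool, ...}} from psxview text output."""
    procs = {}
    for line in text.splitlines():
        parts = line.split()
        # Data rows start with a hex offset: offset, name, pid, then one column per source.
        if not parts or not parts[0].startswith("0x") or len(parts) != 3 + len(PSXVIEW_SOURCES):
            continue
        entry = {"name": parts[1]}
        for src, val in zip(PSXVIEW_SOURCES, parts[3:]):
            entry[src] = val == "True"
        procs[int(parts[2])] = entry
    return procs

def parse_malfind_pids(text):
    # Every malfind hit starts with a "Process: <name> Pid: <pid> Address: ..." line.
    pids = set()
    for line in text.splitlines():
        parts = line.split()
        if "Pid:" in parts:
            pids.add(int(parts[parts.index("Pid:") + 1]))
    return pids

def build_feature_rows(psx_text, malfind_text):
    """Merge both plugin outputs into one row per process, every feature encoded as 0/1."""
    flagged = parse_malfind_pids(malfind_text)
    rows = []
    for pid, entry in sorted(parse_psxview(psx_text).items()):
        row = {"pid": pid, "name": entry["name"]}
        for src in PSXVIEW_SOURCES:
            row[src] = int(entry[src])            # True/False -> 1/0
        row["malfind_hit"] = int(pid in flagged)  # any malfind region -> 1
        rows.append(row)
    return rows

def to_csv(rows):
    # One header line plus one line per process: the single file the classifier consumes.
    fields = ["pid", "name"] + PSXVIEW_SOURCES + ["malfind_hit"]
    return "\n".join([",".join(fields)] + [",".join(str(r[f]) for f in fields) for r in rows]) + "\n"
```

A process absent from pslist but present in the other views (here PID 2288) ends up with pslist=0, which together with malfind_hit=1 is exactly the kind of pattern the decision tree or neural network in the detection stage learns from.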

Repository

https://github.com/MForensic/ML-AI-Malware-Forensic
