Director of Research (if dissertation) or Advisor (if thesis)
Campbell, Roy H.
Department of Study
Computer Science
Discipline
Computer Science
Degree Granting Institution
University of Illinois at Urbana-Champaign
Degree Name
M.S.
Degree Level
Thesis
Date of Ingest
2015-09-29T20:38:50Z
Keyword(s)
Forensics
Memory
Visualization
Abstract
Increasingly complex malware continues to evade detection, stealing information, taking systems offline, and disrupting functionality of many computer systems. Traditional techniques have not adequately protected systems from attackers, and the most commonly used detection techniques overlook the contents of memory.
Modern systems contain a wealth of information in the contents of memory, but making use of that information is anything but trivial. There are a number of challenges related to both the acquisition and analysis of a system's memory.
Many forensic situations could involve machines in hostile environments, and many acquisition techniques result in artifacts, which reduce the fidelity of the image and hinder the analysis phase. Although the kernel memory space has come a long way in being mapped, the state of application memory has largely been unexplored.
We have created a toolset that extracts the application's context from the structure of pointers in a sample of that application's memory. This context allows us to perform statistical analysis, visualize the structure of memory, and provides a new way to train classifiers.
Use this login method if you
don't
have an
@illinois.edu
email address.
(Oops, I do have one)
IDEALS migrated to a new platform on June 23, 2022. If you created
your account prior to this date, you will have to reset your password
using the forgot-password link below.
LARSON-THESIS-2015.pdf
