Director of Research (if dissertation) or Advisor (if thesis)
Campbell, Roy H.
Department of Study
Computer Science
Discipline
Computer Science
Degree Granting Institution
University of Illinois at Urbana-Champaign
Degree Name
M.S.
Degree Level
Thesis
Keyword(s)
Forensics
Memory
Visualization
Abstract
Increasingly complex malware continues to evade detection, stealing information, taking systems offline, and disrupting functionality of many computer systems. Traditional techniques have not adequately protected systems from attackers, and the most commonly used detection techniques overlook the contents of memory.
Modern systems contain a wealth of information in the contents of memory, but making use of that information is anything but trivial. There are a number of challenges related to both the acquisition and analysis of a system's memory.
Many forensic situations could involve machines in hostile environments, and many acquisition techniques result in artifacts, which reduce the fidelity of the image and hinder the analysis phase. Although the kernel memory space has come a long way in being mapped, the state of application memory has largely been unexplored.
We have created a toolset that extracts the application's context from the structure of pointers in a sample of that application's memory. This context allows us to perform statistical analysis and visualize the structure of memory, and it provides a new way to train classifiers.