Files in this item

LARSON-THESIS-2015.pdf (application/pdf, 4MB)


Title: Exploring application memory
Author(s): Larson, Kevin Andrew
Advisor(s): Campbell, Roy H.
Department / Program: Computer Science
Discipline: Computer Science
Degree Granting Institution: University of Illinois at Urbana-Champaign
Abstract: Increasingly complex malware continues to evade detection, stealing information, taking systems offline, and disrupting functionality of many computer systems. Traditional techniques have not adequately protected systems from attackers, and the most commonly used detection techniques overlook the contents of memory. Modern systems contain a wealth of information in the contents of memory, but making use of that information is anything but trivial. There are a number of challenges related to both the acquisition and analysis of a system's memory. Many forensic situations could involve machines in hostile environments, and many acquisition techniques result in artifacts, which reduce the fidelity of the image and hinder the analysis phase. Although the kernel memory space has come a long way in being mapped, the state of application memory has largely been unexplored. We have created a toolset that extracts the application's context from the structure of pointers in a sample of that application's memory. This context allows us to perform statistical analysis and visualize the structure of memory, and it provides a new way to train classifiers.
Issue Date: 2015-07-22
Rights Information: Copyright 2015 Kevin Larson
Date Available in IDEALS: 2015-09-29
Date Deposited: August 201
