Skip to content

momalab/amaya

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
1 branch 0 tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
dataset
 
 
libraries
 
 
model_training
 
 
LICENSE
 
 
README.md
 
 
extract_pmem_nonintrusive.py
 
 
result_calculation.py
 
 
start_lauterbach.py
 
 
Amaya Overview Requirements Instructions Configuring Lauterbach helper library Feature extraction from binary files Feature compression: Result verification: Non-intrusive runtime process memory extraction: Cite us Contact us

README.md

Amaya

Overview

Amaya is an external non-intrusive malware detection tool that uses the Joint Test Action Group (JTAG) port for collecting text sections of processes directly from the main memory and ML to detect malware.

Requirements

Linux
Lauterbach TRACE32
Required python libraries

Instructions

Configuring Lauterbach helper library

  • In libraries/lauterbach-config:
    • Change T32_PATH to point to t32marm-qt binary
    • Change T32_CONFIG_PATH to the configuration file inside the Lauterbach directory (config.t32)
  • In libraries/bbb-linux-aware:
    • Change kernel binary path (Line 18: Data.LOAD.Elf)
    • Change TASK.CONFIG path (Line 26)
    • Change MENU.ReProgram path (Line 27)

Feature extraction from binary files

  • In model_training/feature_extraction.py:
    • Change DATASET_PATH to the directory with the binary files
  • Features:
    • model_training/entropy_raw_2d/: Stores the entropy values
    • model_training/string_info/: Stores the string histogram
    • model_training/syscall_info/: Stores syscall histogram

Feature compression:

  • In model_training/feature_compression.py:
    • Change datasetMalBasePath to the directory with malware features
    • Change datasetGoodBasePath to the directory with goodware features
    • Change resultPath to the directory for result storage

Result verification:

  • Run result_calculation.py which gets features from dataset directory and displays the result on terminal.

Non-intrusive runtime process memory extraction:

  • Run start_lauterbach.py after configuring Lauterbach helper library
  • Run extract_pmem_nonintrusive.py, which stores extracted memory in extracted_files directory.

Cite us

If you like the work, please cite our DATE' 21 paper:

@inproceedings{rajput2021towards, title={Towards Non-intrusive Malware Detection for Industrial Control Systems}, author={Rajput, Prashant Hari Narayan and Maniatakos, Michail}, booktitle={2021 Design, Automation & Test in Europe Conference & Exhibition (DATE)}, pages={1703--1706}, year={2021}, organization={IEEE} }

Contact us

For more information or help with the setup, please contact Prashant Rajput at prashanthrajput@nyu.edu

About

No description, website, or topics provided.

Resources

Readme

License

GPL-3.0 license

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages