Cloud forensics is different than digital forensics because of the architectural implementation of the cloud. In an Infrastructure as a Service (IaaS) cloud model. Virtual Machines (VM) deployed over the cloud can be used by adversaries to carry out a cyber-attack using the cloud as an environment.
About the dataset
The dataset generated is a KVM monitoring dataset however we proposed a novel feature-set. The methodology used to generate these novel features are under publication and will be updated once the research article is published. This is one portion of the dataset. where the features can be used to train ML models for evidence detection.
The second portion of the dataset is published under the standard dataset of IEEE Dataport under the name of Memory Dumps of Virtual Machines for Cloud Forensics.
How to use
These two datasets can be used together as they are the outcome of the same experiment. Memory dumps have timestamp and VMID, UUID features.
or
This Dataset can be used to study the impact of an attack (origin) on the Rate of Resource utilization of a VM monitored at the hypervisor.
Sr No | Category | Feature | Description |
1 | Meta-data | LAST_POLL | epoch timestamp |
2 | VMID | The ID of the VM | |
3 | UUID | unique identifier of the domain | |
4 | dom | domain name | |
5 | Network | rxbytes_slope | Rate of received bytes from the network |
6 | rxpackets_slope | Rate of received packets from the network | |
7 | rxerrors_slope | Rate of the number of receive errors from the network | |
8 | rxdrops_slope | Rate of the number of received packets dropped from the network | |
9 | txbytes_slope | Rate of transmitted bytes from the network | |
10 | txpackets_slope | Rate of transmitted packets from the network | |
11 | txerrors_slope | Rate of the number of transmission errors from the network | |
12 | txdrops_slope | Rate of the number of transmitted packets dropped from the network | |
13 | Memory | timecpu_slope | Rate of time spent by vCPU threads executing guest code |
14 | timesys_slope | Rate of time spent in kernel space | |
15 | timeusr_slope | Rate of time spent in userspace | |
16 | state_slope | Rate of running state | |
17 | memmax_slope | Rate of maximum memory in kilobytes | |
18 | mem_slope | Rate of memory used in kilobytes | |
19 | cpus_slope | Rate of the number of virtual CPUs chaged | |
20 | cputime_slope | Rate of CPU time used in nanoseconds | |
21 | memactual_slope | Rate of Current balloon value (in KiB) | |
22 | memswap_in_slope | Rate of The amount of data read from swap space (in KiB) | |
23 | memswap_out_slope | Rate of The amount of memory written out to swap space (in KiB) | |
24 | memmajor_fault_slope | Rate of The number of page faults where disk IO was required | |
25 | memminor_fault_slope | Rate of The number of other page faults | |
26 | memunused_slope | Rate of The amount of memory left unused by the system (in KiB) | |
27 | memavailable_slope | Rate of The amount of usable memory as seen by the domain (in KiB) | |
28 | memusable_slope | Rate of The amount of memory that can be reclaimed by balloon without causing host swapping (in KiB) | |
29 | memlast_update_slope | Rate of The timestamp of the last update of statistics (in seconds) | |
30 | memdisk_cache_slope | Rate of The amount of memory that can be reclaimed without additional I/O, typically disk caches (in KiB) | |
31 | memhugetlb_pgalloc_slope | Rate of The number of successful huge page allocations initiated from within the domain | |
32 | memhugetlb_pgfail_slope | Rate of The number of failed huge page allocations initiated from within the domain | |
33 | memrss_slope | Rate of Resident Set Size of the running domain's process (in KiB) | |
34 | Disk | vdard_req_slope | Rate of the number of reading requests on the vda block device |
35 | vdard_bytes_slope | Rate of the number of reading bytes on the vda block device | |
36 | vdawr_reqs_slope | Rate of the number of write requests on the vda block device | |
37 | vdawr_bytes_slope | Rate of the number of write requests on vda the block device | |
38 | vdaerror_slope | Rate of the number of errors in the vda block device | |
39 | hdard_req_slope | Rate of the number of read requests on the hda block device | |
40 | hdard_bytes_slope | Rate of the number of read bytes on the had block device | |
41 | hdawr_reqs_slope | Rate of the number of write requests on the hda block device | |
42 | hdawr_bytes_slope | Rate of the number of write bytes on the hda block device | |
43 | hdaerror_slope | Rate of the number of errors in the hda block device | |
44 | TARGET | Status | Attack/Normal |
- Categories:
165 Views
Penetration testing plays an important role in securing websites. However, you need the right tools to run efficient tests. Penetration testing tools have different functions, pentest methodologies, features, and price ranges. It might be difficult to choose the ones most suitable for your organization. This post will briefly describe some of the finest penetration testing tools.
- Categories:
71 Views
We elaborate on the dataset collected from our testbed developed at Washington University in St. Louis, to perform real-world IIoT operations, carrying out attacks that are more prelevant against IIoT systems. This dataset is to be utilized in the research of AI/ML based security solutions to tackle the intrusion problem.
- Categories:
248 Views
This dataset is extracted from GitHub and contains 172,919 java source codes written by 3,128 authors. It can be used for authorship attribution.
- Categories:
151 Views
This dataset was produced as a part of my PhD research on Android malware detection using Multimodal Deep Learning. It contains raw data (DEX grayscale images), static analysis data (Android Intents & Permissions), and dynamic analysis data (system call sequences). For the conference research paper, please refer to https://sbic.org.br/eventos/cbic_2021/cbic2021-32/
Citations:
* FEATURES *
Field Name Field Type Input Domain
SHA256 String 32 bytes
DEX_PIXEL_0, ..., DEX_PIXEL_16383 Integer {0, 1, ..., 255}
INTENT_0, ..., INTENT_99 Integer {0, 1}
PERMISSION_0, ..., PERMISSION_99 Integer {0, 1}
SYSCALL_0, ..., SYSCALL_399 Integer {0, 1, ..., 123}
CLASS Integer {0 = Goodware, 1 = Malware}
intents = ['android.intent.action.main', 'android.intent.action.boot_completed', 'android.intent.action.view', 'android.intent.action.user_present', 'android.intent.action.package_added', 'android.intent.action.package_removed', 'android.intent.action.phone_state', 'android.intent.action.search', 'android.intent.action.package_replaced', 'android.intent.action.create_shortcut', 'android.intent.action.new_outgoing_call', 'android.intent.action.action_power_connected', 'android.intent.action.action_power_disconnected', 'android.intent.action.quickboot_poweron', 'android.intent.action.send', 'android.intent.action.data_sms_received', 'android.intent.action.media_mounted', 'android.intent.action.download_complete', 'android.intent.action.screen_on', 'android.intent.action.media_button', 'android.intent.action.action_shutdown', 'android.intent.action.media_eject', 'android.intent.action.media_unmounted', 'android.intent.action.sim_state_changed', 'android.intent.action.any_data_state', 'android.intent.action.battery_changed', 'android.intent.action.download_notification_clicked', 'android.intent.action.package_install', 'android.intent.action.media_removed', 'android.intent.action.delete', 'android.intent.action.time_set', 'android.intent.action.service_state', 'android.intent.action.media_checking', 'android.intent.action.sendto', 'android.intent.action.timezone_changed', 'android.intent.action.screen_off', 'android.intent.action.date_changed', 'android.intent.action.pick', 'android.intent.action.package_restarted', 'android.intent.action.send_multiple', 'android.intent.action.my_package_replaced', 'android.intent.action.get_content', 'android.intent.action.notification_add', 'android.intent.action.notification_remove', 'android.intent.action.notification_update', 'android.intent.action.battery_low', 'android.intent.action.respond_via_message', 'android.intent.action.set_wallpaper', 'android.intent.action.edit', 'android.intent.action.battery_okay', 'android.intent.action.airplane_mode', 'android.intent.action.locale_changed', 'android.intent.action.package_changed', 'android.intent.action.headset_plug', 'android.intent.action.sig_str', 'android.intent.action.action_external_applications_available', 'android.intent.action.action_date_changed', 'android.intent.action.action_time_changed', 'android.intent.action.action_media_eject', 'android.intent.action.action_package_added', 'android.intent.action.action_timezone_changed', 'android.intent.action.time_tick', 'android.intent.action.action_view_downloads', 'android.intent.action.close_system_dialogs', 'android.intent.action.web_search', 'android.intent.action.chinamobile_oms_game', 'android.intent.action.reboot', 'android.intent.action.dial', 'android.intent.action.media_scanner_finished', 'android.intent.action.action_package_changed', 'android.intent.action.package_data_cleared', 'android.intent.action.media_search', 'android.intent.action.assist', 'android.intent.action.call', 'android.intent.action.call_button', 'android.intent.action.wallpaper_changed', 'android.intent.action.quickboot_poweroff', 'android.intent.action.close_system_alarm', 'android.intent.action.insert', 'android.intent.action.media_bad_removal', 'android.intent.action.search_long_press', 'android.intent.action.default', 'android.intent.action.music_player', 'android.intent.action.ums_connected', 'android.intent.action.external_applications_available', 'android.intent.action.media_shared', 'android.intent.action.call_privileged', 'android.intent.action.run', 'android.intent.action.camsnap', 'android.intent.action.device_storage_low', 'android.intent.action.manage_network_usage', 'android.intent.action.videocap', 'android.intent.action.camera_button', 'android.intent.action.package_fully_removed', 'android.intent.action.proxy_change', 'android.intent.action.plug_in_airing', 'android.intent.action.set_alarm', 'android.intent.action.device_storage_ok', 'android.intent.action.media_scanner_started', 'android.intent.action.ringtone_picker']
permissions = ['android.permission.internet', 'android.permission.access_network_state', 'android.permission.write_external_storage', 'android.permission.read_phone_state', 'android.permission.access_wifi_state', 'android.permission.wake_lock', 'android.permission.access_coarse_location', 'android.permission.vibrate', 'android.permission.access_fine_location', 'android.permission.receive_boot_completed', 'android.permission.get_tasks', 'android.permission.get_accounts', 'android.permission.system_alert_window', 'android.permission.read_external_storage', 'android.permission.change_wifi_state', 'android.permission.send_sms', 'android.permission.camera', 'android.permission.write_settings', 'android.permission.mount_unmount_filesystems', 'android.permission.receive_sms', 'android.permission.call_phone', 'android.permission.read_sms', 'android.permission.read_contacts', 'android.permission.record_audio', 'android.permission.read_logs', 'android.permission.change_network_state', 'android.permission.restart_packages', 'android.permission.disable_keyguard', 'android.permission.modify_audio_settings', 'android.permission.write_sms', 'android.permission.access_location_extra_commands', 'android.permission.bluetooth', 'android.permission.use_credentials', 'android.permission.set_wallpaper', 'android.permission.flashlight', 'android.permission.broadcast_sticky', 'android.permission.write_contacts', 'android.permission.process_outgoing_calls', 'android.permission.kill_background_processes', 'android.permission.bluetooth_admin', 'android.permission.manage_accounts', 'android.permission.receive_user_present', 'android.permission.change_configuration', 'android.permission.install_packages', 'android.permission.access_mock_location', 'android.permission.download_without_notification', 'android.permission.write_apn_settings', 'android.permission.read_call_log', 'android.permission.receive_mms', 'android.permission.access_gps', 'android.permission.read_calendar', 'android.permission.access_download_manager', 'android.permission.authenticate_accounts', 'android.permission.baidu_location_service', 'android.permission.write_calendar', 'android.permission.system_overlay_window', 'android.permission.battery_stats', 'android.permission.delete_packages', 'android.permission.modify_phone_state', 'android.permission.get_package_size', 'android.permission.clear_app_cache', 'android.permission.receive_wap_push', 'android.permission.write_call_log', 'android.permission.write_secure_settings', 'android.permission.access_coarse_updates', 'android.permission.record_video', 'android.permission.interact_across_users_full', 'android.permission.read_settings', 'android.permission.read_profile', 'android.permission.set_wallpaper_hints', 'android.permission.expand_status_bar', 'android.permission.call_privileged', 'android.permission.change_component_enabled_state', 'android.permission.device_power', 'android.permission.write_sync_settings', 'android.permission.reorder_tasks', 'android.permission.read_sync_settings', 'android.permission.nfc', 'android.permission.change_wifi_multicast_state', 'android.permission.write_owner_data', 'android.permission.set_debug_app', 'android.permission.broadcast_sms', 'android.permission.package_usage_stats', 'android.permission.write_internal_storage', 'android.permission.broadcast_package_added', 'android.permission.broadcast_package_replaced', 'android.permission.broadcast_package_install', 'android.permission.access_location', 'android.permission.broadcast_package_changed', 'android.permission.access_mtk_mmhw', 'android.permission.read_owner_data', 'android.permission.manage_documents', 'android.permission.access_superuser', 'android.permission.write_media_storage', 'android.permission.update_device_stats', 'android.permission.access_assisted_gps', 'android.permission.read_sync_stats', 'android.permission.raised_thread_priority', 'android.permission.persistent_activity', 'android.permission.mout_unmount_filesystems']
syscalls = ['UNK', 'accept', 'access', 'bind', 'brk', 'cacheflush', 'capset', 'chdir', 'chmod', 'clock_gettime', 'clone', 'close', 'connect', 'dup', 'dup2', 'epoll_create', 'epoll_ctl', 'epoll_wait', 'execve', 'exit', 'exit_group', 'fchmod', 'fchown32', 'fcntl', 'fcntl64', 'fdatasync', 'fgetxattr', 'flock', 'fork', 'fsetxattr', 'fstat64', 'fsync', 'ftruncate', 'ftruncate64', 'futex', 'getcwd', 'getdents64', 'getegid32', 'geteuid32', 'getgid32', 'getgroups32', 'getpgid', 'getpid', 'getppid', 'getpriority', 'getresgid32', 'getresuid32', 'getrlimit', 'getsockname', 'getsockopt', 'gettid', 'gettimeofday', 'getuid32', 'inotify_add_watch', 'inotify_init', 'inotify_rm_watch', 'ioctl', 'kill', 'listen', 'lseek', 'lstat64', 'madvise', 'mkdir', 'mmap2', 'mprotect', 'mremap', 'msync', 'munmap', 'nanosleep', 'open', 'pciconfig_iobase', 'personality', 'pipe', 'poll', 'prctl', 'pread', 'ptrace', 'pwrite', 'read', 'readlink', 'recvfrom', 'recvmsg', 'rename', 'restart_syscall', 'rmdir', 'rt_sigreturn', 'rt_sigtimedwait', 'sched_getparam', 'sched_getscheduler', 'sched_yield', 'select', 'sendmsg', 'sendto', 'set_tls', 'setgid32', 'setgroups32', 'setitimer', 'setpgid', 'setpriority', 'setresuid32', 'setrlimit', 'setsid', 'setsockopt', 'setuid32', 'shutdown', 'sigaction', 'sigprocmask', 'sigreturn', 'socket', 'socketpair', 'stat64', 'statfs', 'statfs64', 'tgkill', 'timerfd', 'timerfd_settime', 'umask', 'uname', 'unlink', 'utimes', 'vfork', 'wait4', 'write', 'writev']
* ACKNOWLEDGMENTS *
We would like to thank Universidade Nove de Julho and the Coordination for the Improvement of Higher Education Personnel (CAPES) for supporting this research.
- Categories:
320 Views
The dataset consists of samples of DDoS attacks. The samples were generated either by dedicated tools such as Loic, Hulk, Thorshammer, or combined from publicly available source such as from DDoS Evaluation Dataset (CIC-DDoS2019).
- Categories:
191 Views
The "eternal war in cache" has reached browsers, with multiple cache-based side-channel attacks and countermeasures being suggested. A common approach for countermeasures is to disable or restrict JavaScript features deemed essential for carrying out attacks.
TBD
- Categories:
30 Views
The security testing focuses on evaluating the security of the web, mobile, networks, API, SaaS, blockchain & cloud applications by methodically validating & verifying the effectiveness of security controls. The process involves an active analysis of any application for any available weaknesses, technical flaws, or vulnerabilities.
The security audit scope of work will include:
- Categories:
44 Views
What is a Blockchain?
Merriam-Webster dictionary defines blockchain as,
A digital database containing information (such as records of financial transactions) that can be simultaneously used and shared within a large decentralized, publicly accessible network.
6 Types of Attacks on Blockchain
1. 51% Attacks (Sybil Attacks)
2. Double Spending Attacks
3. Routing Attacks
4. Private Key Security Attacks
5. Selfish Mining Attacks
6. Vulnerable Smart Contacts
- Categories:
182 Views
The time-to-market pressure and the continuous growing complexity of hardware designs have promoted the globalization of the Integrated Circuit (IC) supply chain. However, such globalization also poses various security threats in each phase of the IC supply chain. Although the advancements of Machine Learning (ML) have pushed the frontier of hardware security, most conventional ML-based methods can only achieve the desired performance by manually finding a robust feature representation for circuits that are non-Euclidean data. As a result, modeling these circuits using graph learning to imp
- Categories:
152 Views