QuasarNix: Adversarially Robust Living-off-The-Land Reverse-Shell Detection Informed by Malicious Data Augmentation and Machine Learning

Description
This repository contains the pre-trained models from the paper "Living-off-The-Land Reverse-Shell Detection by Informed Data Augmentation" by Dmitrijs Trizna, Luca Demetrio, Battista Biggio, and Fabio Roli. The paper pre-print is available on arXiv.
Security Information and Event Management (SIEM) cyber-threat detection solutions are highly extensible, with numerous public collections of signature-based rules. However, there are no known repositories of behavioral Machine Learning (ML) cyber-threat detection heuristics. To address this gap, we develop a framework for constructing ML detectors that leverages data augmentation. Based on our framework, we are releasing production-ready, adversarially robust ML detectors of Linux living-off-the-land (LOTL) reverse shells, trained on all known LOTL reverse shell manifestations identified by our threat intelligence.
To the best of our knowledge, we are the first to publicly release generally applicable ML cyber-threat detection models suitable for a wide variety of SIEM environments.
Code
https://github.com/dtrizna/QuasarNix
Cite Us
@misc{trizna2024livingoffthelandreverseshelldetectioninformed,
title={Living-off-The-Land Reverse-Shell Detection by Informed Data Augmentation},
author={Dmitrijs Trizna and Luca Demetrio and Battista Biggio and Fabio Roli},
year={2024},
eprint={2402.18329},
archivePrefix={arXiv},
primaryClass={cs.CR},
url={https://arxiv.org/abs/2402.18329},
}