---
license: apache-2.0
---

# QuasarNix: Adversarially Robust Living-off-The-Land Reverse-Shell Detection Informed by Malicious Data Augmentation and Machine Learning

<img src="https://raw.githubusercontent.com/dtrizna/QuasarNix/main/img/quasaroutflow.png" width=600>

## Description

This repository contains the pre-trained models from the paper "Living-off-The-Land Reverse-Shell Detection by Informed Data Augmentation" by Dmitrijs Trizna, Luca Demetrio, Battista Biggio, and Fabio Roli. The paper pre-print is available on [arXiv](https://arxiv.org/abs/2402.18329).

Security Information and Event Management (SIEM) cyber-threat detection solutions are highly extensible, with numerous public collections of signature-based rules. However, there are no known repositories with behavioral Machine Learning (ML) cyber-threat detection heuristics. To address this gap, we develop a framework for constructing ML detectors that leverages data augmentation. Based on our framework, we are releasing production-ready, adversarially robust ML detectors of Linux living-off-the-land (LOTL) reverse shells, trained on all known LOTL reverse shell manifestations identified by our threat intelligence.

To the best of our knowledge, we are the first to publicly release generally applicable ML cyber-threat detection models suitable for a wide variety of SIEM environments.

|
## Code

<https://github.com/dtrizna/QuasarNix>

## Cite Us

```bibtex
@misc{trizna2024livingoffthelandreverseshelldetectioninformed,
  title={Living-off-The-Land Reverse-Shell Detection by Informed Data Augmentation},
  author={Dmitrijs Trizna and Luca Demetrio and Battista Biggio and Fabio Roli},
  year={2024},
  eprint={2402.18329},
  archivePrefix={arXiv},
  primaryClass={cs.CR},
  url={https://arxiv.org/abs/2402.18329},
}
```