Dmitrijs Trizna
committed on
Commit
·
2bb8567
1
Parent(s):
dfc9ed9
README
README.md
CHANGED
@@ -1,11 +1,21 @@
|
|
1 |
# QuasarNix: Adversarially Robust Living-off-The-Land Reverse-Shell Detection Informed by Malicious Data Augmentation and Machine Learning
|
2 |
|
|
|
|
|
|
|
|
|
3 |
This repository contains the pre-trained models from the paper "Living-off-The-Land Reverse-Shell Detection by Informed Data Augmentation" by Dmitrijs Trizna, Luca Demetrio, Battista Biggio, and Fabio Roli. The paper pre-print is available on [arXiv](https://arxiv.org/abs/2402.18329).
|
4 |
|
5 |
Security Information and Event Management (SIEM) cyber-threat detection solutions are highly extensible, with numerous public collections of signature-based rules. However, there are no known repositories with behavioral Machine Learning~(ML) cyber-threat detection heuristics. To address this gap, we develop framework for constructing ML detectors that leverages data augmentation. Based on our framework, we are releasing production-ready adversarially robust ML detectors of Linux living-off-the-land (LOTL) reverse shells, trained on all known LOTL reverse shell manifestations identified by our threat intelligence.
|
6 |
|
7 |
To the best of our knowledge, we are the first to publicly release generally applicable ML cyber-threat detection models suitable to wide variety of SIEM environments.
|
8 |
|
|
|
|
|
|
|
|
|
|
|
|
|
9 |
```bibtex
|
10 |
@misc{trizna2024livingoffthelandreverseshelldetectioninformed,
|
11 |
title={Living-off-The-Land Reverse-Shell Detection by Informed Data Augmentation},
|
|
|
1 |
# QuasarNix: Adversarially Robust Living-off-The-Land Reverse-Shell Detection Informed by Malicious Data Augmentation and Machine Learning
|
2 |
|
3 |
+
<img src="https://raw.githubusercontent.com/dtrizna/QuasarNix/main/img/quasaroutflow.png" width=600>
|
4 |
+
|
5 |
+
## Description
|
6 |
+
|
7 |
This repository contains the pre-trained models from the paper "Living-off-The-Land Reverse-Shell Detection by Informed Data Augmentation" by Dmitrijs Trizna, Luca Demetrio, Battista Biggio, and Fabio Roli. The paper pre-print is available on [arXiv](https://arxiv.org/abs/2402.18329).
|
8 |
|
9 |
Security Information and Event Management (SIEM) cyber-threat detection solutions are highly extensible, with numerous public collections of signature-based rules. However, there are no known repositories with behavioral Machine Learning~(ML) cyber-threat detection heuristics. To address this gap, we develop framework for constructing ML detectors that leverages data augmentation. Based on our framework, we are releasing production-ready adversarially robust ML detectors of Linux living-off-the-land (LOTL) reverse shells, trained on all known LOTL reverse shell manifestations identified by our threat intelligence.
|
10 |
|
11 |
To the best of our knowledge, we are the first to publicly release generally applicable ML cyber-threat detection models suitable to wide variety of SIEM environments.
|
12 |
|
13 |
+
## Code
|
14 |
+
|
15 |
+
<https://github.com/dtrizna/QuasarNix>
|
16 |
+
|
17 |
+
## Cite Us
|
18 |
+
|
19 |
```bibtex
|
20 |
@misc{trizna2024livingoffthelandreverseshelldetectioninformed,
|
21 |
title={Living-off-The-Land Reverse-Shell Detection by Informed Data Augmentation},
|
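Review bot: the `~` in "Machine Learning~(ML)" in the Description paragraph is a LaTeX non-breaking space carried over from the paper source and will render as a literal tilde in Markdown; replace it with a plain space. The same paragraph reads "we develop framework for constructing ML detectors" (missing "a"), and the following one "suitable to wide variety of SIEM environments" should read "suitable for a wide variety of SIEM environments". These sentences are unchanged by this commit, so this is a follow-up rather than a blocker. Consider also giving the newly added `<img>` tag an `alt` attribute describing the figure so the README remains readable where images are not rendered.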