SkillAgentSearch skills...

DeepMem

A graph-based deep learning tool that can recognizes the kernel objects from raw memory dumps.

GenerateConvertImprove

Install / Use

/learn @weisong-ucr/DeepMem
About this skill

Quality Score

0/100

Supported Platforms

Universal

README

DeepMem

DeepMem is a graph-based deep learning tool that automatically generates abstract representations for kernel objects, and recognizes the objects from raw memory dumps in a fast and robust way.

Specifically, we implement 1) a memory graph model that reconstructs the content and topology information of memory dumps, 2) a graph neural network architecture to embed the nodes in the memory graph, and 3) an object detection method that cross-validates the evidence collected from different parts of objects.

Reference

The paper of this project can be found at DeepMem. If you use this code for academic purposes, please cite it as:

@inproceedings{song2018deepmem,
  title={DeepMem: Learning Graph Neural Network Models for Fast and Robust Memory Forensic Analysis},
  author={Song, Wei and Yin, Heng and Liu, Chang and Song, Dawn},
  booktitle={Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security},
  pages={606--618},
  year={2018},
  organization={ACM}
}

How to use it?

1. Set up the environment

Python

Version 2.6 or 2.7, but not 3.0.

apt-get install pcregrep libpcre++-dev python-dev python -y

Distorm3

python -m pip install distorm3

More information: https://github.com/gdabah/distorm

PyCrypto

pip install pycrypto

More information: https://pypi.org/project/pycrypto/

TensorFlow

pip install tensorflow==1.3.0

2. Get memory dumps

Download the memory dumps used in our experiment from: https://drive.google.com/drive/u/1/folders/1SB-20rZPmSYWUo96ZjN7ue88IzBY01V8.

Create a folder memory_dumps/ in root directory of this project, and move all memory dumps to that folder.

Or you can create your memory dumps using our tool: https://github.com/bitsecurerlab/vm_mem_dump_tool.git.

3. Create memory graphs

cd create_memory_graphs/

python create_memory_graphs.py

4. Train the model

cd build_model

python train_model.py --obj_type _ETHREAD

Currently, we support 6 kernel objects: _EPROCESS, _ETHREAD, _DRIVER_OBJECT, _FILE_OBJECT, _LDR_DATA_TABLE_ENTRY, _CM_KEY_BODY.

During training, the script will save the current model to the build_model/model/ directory after every 100 iterations.

You may stop the training when the precision and recall is good enough for that kernel object.

5. Testing the model

cd build_model

python test_model.py --obj_type _ETHREAD --model_path model/_ETHREAD/20190705_142745/struct2vec_edge_type.HOP3._ETHREAD-10000

Related Skills

best-practices-researcher

The most comprehensive Claude Code skills registry | Web Search: https://skills-registry-web.vercel.app

groundhog

398

Groundhog's primary purpose is to teach people how Cursor and all these other coding agents work under the hood. If you understand how these coding assistants work from first principles, then you can drive these tools harder (or perhaps make your own!).

isf-agent

a repo for an agent that helps researchers apply for isf funding

last30days-skill

17.2k

AI agent skill that researches any topic across Reddit, X, YouTube, HN, Polymarket, and the web - then synthesizes a grounded summary

weisong-ucr

View profile

View on GitHub
GitHub Stars14
CategoryEducation
Updated1y ago
Forks6
weisong-ucr/DeepMem

Languages

Python

Security Score

75/100

Audited on Feb 27, 2025

No findings