Hydrakon, a framework for measuring indicators of deception in emulated monitoring systems

Published: 1 October 2024 | Version 1 | DOI: 10.17632/mz92nbb2zv.1
Contributor:
Kon Papazis

Description

The dataset contains data from Windows 10 operating system categories such as Devices, Processes, Services, Applications, etc. The data is extracted from real machines (bare-metal), VirtualBox, VMware and KVM virtual machines, FlareVM and a custom sandbox.

Steps to reproduce

Data was collated by running the PowerShell script Windows-Vectors.ps1 on each target system; the results were stored in CSV files and returned to the host controller for further processing. The host controller runs a Python script that parses the CSV files and applies cosine similarity to extract specific features from each CSV file. The results from each target are displayed in a table and a bar graph to show the similarity of artifacts from several Windows 10 operating system categories such as processes, devices and services. The targets in this experiment include real machines, virtual machines and sandboxes.
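
The comparison step described above, sketched as an added example (this is not the dataset's own Python script). It assumes each category CSV has a `Name` column and that a target is represented as a term-frequency vector of artifact names; the sample rows are constructed, not taken from the dataset.

```python
import csv
import io
import math
from collections import Counter

# Constructed sample CSVs (not from the dataset); the "Name" column is an assumption.
SAMPLES = {
    "bare-metal": "Name\nsvchost.exe\nexplorer.exe\nlsass.exe\nchrome.exe\nOneDrive.exe\n",
    "virtualbox": "Name\nsvchost.exe\nexplorer.exe\nlsass.exe\nVBoxService.exe\nVBoxTray.exe\n",
    "vmware": "Name\nsvchost.exe\nexplorer.exe\nlsass.exe\nvmtoolsd.exe\n",
    "empty": "Name\n",
}

def load_vector(csv_text, column="Name"):
    """Turn one category CSV into a term-frequency vector of artifact names."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return Counter(
        row[column].strip().lower()
        for row in rows
        if row.get(column) and row[column].strip()
    )

def cosine(a, b):
    """Cosine similarity of two sparse count vectors; 0.0 if either is empty."""
    dot = sum(count * b[name] for name, count in a.items())
    norm = math.sqrt(sum(v * v for v in a.values())) * math.sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0

def compare_to_baseline(samples, baseline="bare-metal"):
    """Score every target against the baseline and list artifacts unique to it."""
    base = load_vector(samples[baseline])
    report = {}
    for target, text in samples.items():
        vec = load_vector(text)
        report[target] = {
            "similarity": round(cosine(base, vec), 4),
            "only_on_target": sorted(set(vec) - set(base)),
        }
    return report

if __name__ == "__main__":
    for target, result in compare_to_baseline(SAMPLES).items():
        print(f"{target:12} {result['similarity']:.4f} {result['only_on_target']}")
```

The `only_on_target` list is what an analyst hardening a sandbox would review first: it names the artifacts that pull a monitoring environment's score away from the bare-metal baseline.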

Institutions

La Trobe University - Melbourne Campus

Categories

Cybersecurity
