Hydrakon, a framework for measuring indicators of deception in emulated monitoring systems
Description
The dataset contains data from Windows 10 operating system categories such as Devices, Processes, Services, Applications, etc. The data is extracted from real machines (bare metal), VirtualBox, VMware and KVM virtual machines, FlareVM and a custom sandbox.
Steps to reproduce
Data was collated by running the PowerShell script Windows-Vectors.ps1 on each target system. The results were stored in CSV files and returned to the host controller for further processing. The host controller runs a Python script that parses the CSV files and applies cosine similarity to extract specific features from each CSV file. The results from each target are displayed in a table and a bar graph to show the similarity of artifacts from several Windows 10 operating system categories such as processes, devices, services, etc. The targets in this experiment include real machines, virtual machines and sandboxes.
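The host-side comparison described above can be sketched as follows. This is an added example, not the dataset's own Python script: the CSV column names (Category, Name), the sample rows and the function names are assumptions constructed for illustration.

```python
import csv
import io
import math
from collections import Counter, defaultdict

# Constructed sample exports (not taken from the dataset); the column names
# "Category" and "Name" are assumptions about the CSV layout.
BARE_METAL_CSV = """Category,Name
Processes,explorer.exe
Processes,svchost.exe
Processes,svchost.exe
Services,Spooler
Services,WinDefend
Devices,Intel(R) Ethernet Connection
"""

VIRTUALBOX_CSV = """Category,Name
Processes,explorer.exe
Processes,svchost.exe
Processes,VBoxService.exe
Services,Spooler
Services,VBoxService
Devices,VirtualBox Graphics Adapter
"""

def load_vectors(csv_text):
    """Return {category: Counter(artifact name -> count)} for one target."""
    vectors = defaultdict(Counter)
    for row in csv.DictReader(io.StringIO(csv_text)):
        vectors[row["Category"].strip()][row["Name"].strip().lower()] += 1
    return vectors

def cosine(a, b):
    """Cosine similarity of two sparse count vectors; 0.0 if either is empty."""
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    norm = math.sqrt(sum(v * v for v in a.values())) * math.sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0

def compare(baseline_csv, target_csv):
    """Per-category similarity of a target against the baseline machine."""
    base, target = load_vectors(baseline_csv), load_vectors(target_csv)
    return {c: round(cosine(base[c], target[c]), 3) for c in sorted(base.keys() | target.keys())}

if __name__ == "__main__":
    for category, score in compare(BARE_METAL_CSV, VIRTUALBOX_CSV).items():
        print(f"{category:<10} {score:.3f}")
```

A score near 1.0 means the target's artifacts in that category closely match the bare-metal baseline; a score near 0.0 means the category exposes the emulated environment.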