
Journal of Electrical Electronics Engineering (JEEE)

ISSN: 2834-4928 | DOI: 10.33140/JEEE

Impact Factor: 1.29*

Beyond Traditional Testing: VMs and Abstraction in Correlation-Based IDS

Abstract

Hung Anh Vu

A key innovation, the C2 abstraction layer, was developed to facilitate a comprehensive testing environment that produces a myriad of attack scenarios. Current methodologies employ comprehensive malware analysis using machine learning and deep learning techniques [1,6]. However, this project aims to develop a comprehensive testing environment that allows for the generation of diverse malware attacks. As of now, I have created an automated environment where simulated attacker and victim machines interact in real time, serving as a realistic backdrop to assess the proposed IDS. Accompanying this is meticulous documentation on malware operations and the abstraction layer’s code. The current implementation can be found at https://github.com/HungAnhVu/C2abstraction.
