
Browsing by Author "Senarathne, A."

Now showing 1 - 2 of 2
  • Publication (Embargo)
    An Automated Tool for Memory Forensics
    (2019 1st International Conference on Advancements in Computing (ICAC), SLIIT, 2019-12-05) Murthaja, M.; Sahayanathan, B.; Munasinghe, A.N.T.S.; Uthayakumar, D.; Rupasinghe, L.; Senarathne, A.
    At present, memory forensics has captured the world’s attention. Currently, the Volatility framework is used to extract artifacts from the memory dump, and the extracted artifacts are then used to investigate and to identify the malicious processes in the memory dump. The investigation process must be conducted manually, since the Volatility framework provides only the artifacts that exist in the memory dump. In this paper, we investigate the four predominant domains of registry, DLL, API calls and network connections in memory forensics to implement the system ‘Malfore,’ which helps automate the entire process of memory forensics. We use the Cuckoo Sandbox to analyze malware samples and to obtain memory dumps, and the Volatility framework to extract artifacts from the memory dump. The finalized dataset was evaluated using several machine learning algorithms, including RNN. The highest accuracy achieved was 98%, and it was reached using a recurrent neural network model fitted to the data extracted from the DLL artifacts, and 92% accuracy was reached using a recurrent neural network model fitted to data extracted from the network connection artifacts.
  • Publication (Embargo)
    Securing corporate data in mobile devices in a COPE environment
    (Faculty of Graduate Studies and Research, 2017-01-26) Rathnasekara, C.; Athukorala, T.; Dikwellage, L.; Wickramasuriya, U.; Senarathne, A.; Elvitigala, S.
    Bring Your Own Devices (BYOD) paved the way for allowing employees to use their own mobile devices for corporate work. But it increases the risk of leaking sensitive corporate information from employees' devices to the outside. As a solution for this problem, the Corporate Owned Personally Enabled (COPE) concept was introduced. In this concept, company-owned devices can be used for both corporate and personal use of the employees. But in COPE, stopping leakage of corporate data to the outside as well as securing the privacy of the user is challenging. The Enterprise Secure Center (ESC) platform discussed here considers the separation of corporate data from personal data to secure both organization information and personal information from being compromised. The ESC has an application mechanism which will enable a COPE environment to secure organization data while allowing employees to use corporate devices for their personal use. The ESC platform also provides answers to users' privacy issues and will be an initial step to implement BYOD within an organization as COPE is a part.

Copyright 2025 © SLIIT. All Rights Reserved.
