MDCHD: A novel malware detection method in cloud using hardware trace and deep learning

Published in Computer networks (Amsterdam, Netherlands : 1999) Vol. 198; p. 108394
Main Authors Tian, Donghai, Ying, Qianjin, Jia, Xiaoqi, Ma, Rui, Hu, Changzhen, Liu, Wenmao
Format Journal Article
Language English
Published Amsterdam Elsevier B.V 24.10.2021
Elsevier Sequoia S.A
Summary: With the development of cloud computing, more and more enterprises and institutes have deployed important computing tasks and data into virtualization environments. Virtualization security has become very important for cloud computing. When an attacker controls a victim’s virtual machine, he (or she) may launch malware for malicious purposes in that virtual machine. To defend against malware attacks in the cloud, many virtualization-based approaches are proposed. However, the existing methods suffer from limitations in terms of transparency and performance cost. To address these issues, we propose MDCHD, a novel malware detection solution for virtualization environments. This method first utilizes the Intel Processor Trace (IPT) mechanism to collect the run-time control flow information of the target program. Then, it converts the control flow information into color images. By doing so, we can utilize a CNN-based deep learning method to identify malware from the images. To improve the performance of our detection mechanism, we leverage Lamport’s ring buffer algorithm. In this way, the control flow information collector and security checker can work concurrently. The evaluation shows that our approach can achieve acceptable detection accuracy with a minimal performance cost.
ISSN: 1389-1286, 1872-7069
DOI: 10.1016/j.comnet.2021.108394