
Analyzing CNN Based Behavioural Malware Detection Techniques on Cloud IaaS

  • Conference paper
Cloud Computing – CLOUD 2020 (CLOUD 2020)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 12403)

Abstract

Cloud Infrastructure as a Service (IaaS) is vulnerable to malware due to its exposure to external adversaries, making it a lucrative attack vector for malicious actors. A datacenter infected with malware can cause data loss and/or major disruptions to service for its users. This paper analyzes and compares various Convolutional Neural Networks (CNNs) for online detection of malware in cloud IaaS. Detection is based on behavioural data, using process-level performance metrics including CPU usage, memory usage, disk usage, etc. We use the state-of-the-art DenseNets and ResNets to detect malware effectively in an online cloud system. These CNNs are designed to extract features from data gathered from live malware running in a real cloud environment. Experiments are performed on an OpenStack (a cloud IaaS software) testbed designed to replicate a typical 3-tier web architecture. Comparative analysis is performed for different CNN models.

Notes

  1. OpenStack. https://www.openstack.org/.

  2. NS2 Manual. http://www.isi.edu/nsnam/ns/doc/node509.html.

  3. VirusTotal Website. https://www.virustotal.com.

Acknowledgment

This work is partially supported by NSF SFS Grant DGE-1565562.

Author information

Correspondence to Andrew McDole, Mahmoud Abdelsalam, Maanak Gupta or Sudip Mittal.

Copyright information

© 2020 Springer Nature Switzerland AG

Cite this paper

McDole, A., Abdelsalam, M., Gupta, M., Mittal, S. (2020). Analyzing CNN Based Behavioural Malware Detection Techniques on Cloud IaaS. In: Zhang, Q., Wang, Y., Zhang, LJ. (eds) Cloud Computing – CLOUD 2020. CLOUD 2020. Lecture Notes in Computer Science, vol 12403. Springer, Cham. https://doi.org/10.1007/978-3-030-59635-4_5

  • DOI: https://doi.org/10.1007/978-3-030-59635-4_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-59634-7

  • Online ISBN: 978-3-030-59635-4

  • eBook Packages: Computer Science (R0)
