Title
Malware Detection Based on Dynamic Multi-Feature Using Ensemble Learning at Hypervisor.
Abstract
More data and applications are moving to the cloud, which presents many new security risks. Malware is one of the most significant threats to cloud computing. In this paper, we explore employing virtual machine introspection (VMI) and memory forensics analysis (MFA) techniques to detect malware running in guest virtual machines. Our scheme differs from existing malware detection methods based on virtualization technology in three aspects. First, this paper combines VMI with MFA to extract multiple types of features in the guest virtual machine at the same time. Our scheme can effectively minimize the data acquisition overhead. Second, compared with single dynamic feature or multiple static feature detection methods, our data acquisition method employs dynamic features of multiple types, and effectively promotes the ability to detect sophisticated malware. Finally, we use the AdaBoost ensemble learning method and a voting combination strategy to improve the accuracy and generalization ability of the overall classifier. The experimental results based on a lot of real-world malware show that our scheme can achieve a detection accuracy of 0.9975. Our approach can improve the security of virtual machines, and further effectively enhance the security of the cloud computing environment.
Year: 2018
DOI: 10.1109/GLOCOM.2018.8648070
Venue: IEEE Global Communications Conference
Keywords: Malware detection, Virtual machine introspection, Memory forensics analysis, Ensemble learning, Dynamic Multi-feature
Field: Virtualization, AdaBoost, Virtual machine, Memory forensics, Computer science, Hypervisor, Real-time computing, Artificial intelligence, Malware, Ensemble learning, Machine learning, Cloud computing
DocType: Conference
ISSN: 2334-0983
Citations: 0
PageRank: 0.34
References: 0
Authors: 7
Name            Order   Citations   PageRank
Jian Zhang      1       16          2.74
Cheng Gao       2       5           5.84
Liangyi Gong    3       38          14.57
Zhaojun Gu      4       0           2.37
Dapeng Man      5       29          10.54
Yang Wu         6       69          22.62
X. Du           7       2320        241.73