| Title | Architecture for Resource-Aware VMI-based Cloud Malware Analysis | 
 | Publication Type | Conference Paper | 
 | Year of Publication | 2017 | 
 | Authors | Taubmann, Benjamin; Kolosnjaji, Bojan | 
 | Conference Name | Proceedings of the 4th Workshop on Security in Highly Connected IT Systems | 
 | Publisher | ACM | 
 | Conference Location | New York, NY, USA | 
 | ISBN Number | 978-1-4503-5271-0 | 
 | Keywords | cloud computing, Dynamic Malware Analysis, Human Behavior, machine learning, malware analysis, Metrics, privacy, pubcrawl, Resiliency, virtual machine introspection | 
 | Abstract | Virtual machine introspection (VMI) is a technology with many possible applications, such as malware analysis and intrusion detection. However, this technique is resource intensive, as inspecting program behavior includes recording of a high number of events caused by the analyzed binary and related processes. In this paper we present an architecture that leverages cloud resources for virtual machine-based malware analysis in order to train a classifier for detecting cloud-specific malware. This architecture is designed while having in mind the resource consumption when applying the VMI-based technology in production systems, in particular the overhead of tracing a large set of system calls. In order to minimize the data acquisition overhead, we use a data-driven approach from the area of resource-aware machine learning. This approach enables us to optimize the trade-off between malware detection performance and the overhead of our VMI-based tracing system. | 
 | URL | http://doi.acm.org/10.1145/3099012.3099015 | 
 | DOI | 10.1145/3099012.3099015 | 
 | Citation Key | taubmann_architecture_2017 |