Title | Using Deep-Learning-Based Memory Analysis for Malware Detection in Cloud |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Li, Huhua, Zhan, Dongyang, Liu, Tianrui, Ye, Lin |
Conference Name | 2019 IEEE 16th International Conference on Mobile Ad Hoc and Sensor Systems Workshops (MASSW) |
Date Published | November |
Keywords | cloud computing, cloud nodes, Deep Learning, deep learning technology, deep-learning-based memory analysis, dynamic analysis approach, feature extraction, file system, Gray-scale, Human Behavior, invasive software, learning (artificial intelligence), machine-learning-based approaches, malicious binary files, Malware, malware analysis, malware detection, malware execution, Memory Analysis, memory analysis approach, Metrics, Monitoring, Predictive Metrics, privacy, pubcrawl, real-world malwares, Resiliency, run-time overhead, virtual machine, Virtual machine monitors, virtual machines, Virtual machining, zero-day malware |
Abstract | Malware is one of the biggest threats in cloud computing. Malware running inside virtual machines or containers could steal critical information or continue to attack other cloud nodes. To detect malware in the cloud, especially zero-day malware, signature- and machine-learning-based approaches are proposed to analyze the execution binary. However, malicious binary files may not be permanently stored in the file system of the virtual machine or container, so a periodic scanner may not find the target files. Dynamic analysis approaches usually introduce run-time overhead to virtual machines, and are not widely used in the cloud. To solve these problems, we propose a memory analysis approach to detect malware, employing deep learning technology. The system analyzes the memory image periodically during malware execution, which will not introduce run-time overhead. We first extract the memory snapshot from running virtual machines or containers. Then, the snapshot is converted to a grayscale image. Finally, we employ a CNN to detect malware. In the learning phase, malicious and benign software are trained. In the testing phase, we test our system with real-world malware. |
DOI | 10.1109/MASSW.2019.00008 |
Citation Key | li_using_2019 |