KVMInspector: KVM Based introspection approach to detect malware in cloud environment

Mishra, Preeti; Verma, Ishita; Gupta, Saurabh

doi:10.1016/j.jisa.2020.102460

Cited by 20 publications

(18 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In the comparative analysis section, the proposed methodology is compared with state-of-art techniques such as VMGuard, 9 RNN, 32 deep RNN and metaheuristic feature selection, 33 and KVM inspector. 34 These techniques also include cloud-based IDSs that take account of the statistical meta-features. The comparative analysis of the proposed technique F I G U R E 5 Analyzing the performance in terms of false alarm rate…”

Section: Comparative Analysismentioning

confidence: 99%

Malicious behavior detection in cloud using self‐optimized dynamic kernel convolutional neural network

Alajlan

Almasri

2022

Trans Emerging Tel Tech

View full text Add to dashboard Cite

Cloud computing is one example of a technological revolution that has drastically altered the way traditional commercial operations are conducted. Because cloud platforms are fundamentally revolutionizing the area of computing, they must provide safe transmission and storage of user data by assuring the confidentiality, integrity, and availability of the data. As a result, establishing a secure cloud computing framework is crucial, and security cannot only rely on the user's credentials being verified. To overcome this problem, this article presents a multi‐population genetic algorithm optimized dynamic kernel convolutional neural network to analyze the user's behavior to identify their malicious intent. This article describes a two‐stage malicious detection and prediction scheme. The proposed system's efficiency is measured by its ability to discriminate between nine different types of attacks in the UNSW‐NB15 dataset (abnormal behavior exhibited by users). The average true positive rate, false positive rate, precision, and F‐measure for the nine attack classes were 99.22%, 99.11%, 99.11%, and 99.22%, respectively, when evaluated using the UNSW‐NB15 dataset. The experimental results demonstrate that this technique is effective in detecting malicious behaviors in the cloud environment with higher accuracy.

show abstract

Section: Comparative Analysismentioning

confidence: 99%

Malicious behavior detection in cloud using self‐optimized dynamic kernel convolutional neural network

Alajlan

Almasri

2022

Trans Emerging Tel Tech

View full text Add to dashboard Cite

show abstract

“…Due to the lack of public dataset, they collected dataset from a production environment of cloud service provider to train their IDS model. Mishra (2020) 17 has proposed KVMInspector which is a VMI based malware detection system for cloud. They used machine learning algorithms with ensemble heterogeneous classifiers for the detection of malware inside VM from the hypervisor.…”

Section: Existing Workmentioning

confidence: 99%

“…Previously, Virtual Machine Introspection (VMI) was used in dynamic malware analysis 15 . Recently, VMI technique is used in IDS development also to detect intrusions at Virtual Machines (VM) of cloud 16‐18 . A Hypervisor or Virtual Machine Monitor (VMM) is responsible for managing virtual machines and other resources of cloud computing.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Dynamic malware attack dataset leveraging virtual machine monitor audit data for the detection of intrusions in cloud

Melvin

Kathrine

Ilango

et al. 2021

Trans Emerging Tel Tech

View full text Add to dashboard Cite

In this new era of cloud computing, Intrusion Detection System (IDS) is very essential for the continual monitoring of computing resources for signs of compromise since the number of attack vectors and malware are in increase. Only few IDS datasets are publicly available and those available are outdated, lack cloud‐specific attacks. This article presents a novel dataset based on Virtual Machine Introspected data for the implementation of IDS in cloud. The dataset was generated from the behavioral characteristics of malware and benign sample execution traces on virtual machines using Virtual Machine Introspection (VMI) technique. A vector space model based on system call approach is applied to analyze the behavioral characteristics for the generation of proposed dataset. The purpose of this study is to compare the proposed dataset with existing datasets and evaluate the effectiveness of these datasets by applying Machine Learning (ML) algorithms with 10‐fold cross‐validation. The ML algorithms used in the experiments are C4.5, Random Forest, JRip, NaiveBayes, K‐Nearest Neighbors (KNN), and Support Vector Machine (SVM). The effectiveness of detecting intrusions using proposed dataset is promising compared with other datasets in‐terms of intrusion detection accuracy, recall value, precision, and F1‐score metrics. For example, the intrusion detection accuracy in proposed dataset is 0.11% improved than UNM dataset, 6.28% higher than ADFA dataset, and 1.88% higher than LID dataset with C4.5 algorithm. Therefore, the proposed dataset is best suitable for implementing IDS for cloud.

show abstract

“…Figure 4 presents the design of the AMD architecture. Mishra et al [31] proposed a dynamic evaluation-based introspection technique, named KVMInspector for malware detection in KVM-based cloud environment. Libraries of LibVMI and Nitro were utilized in extracting the reduced level information of a running virtual machine by checking its memory, trapping hardware events, as well as evaluating the vCPU registers from KVM.…”

Section: Malware Detection Techniques In Hardwarementioning

confidence: 99%

Malware threat analysis techniques and approaches for IoT applications: a review

et al. 2021

View full text Add to dashboard Cite

Internet of things (IoT) is a concept that has been widely used to improve business efficiency and customer’s experience. It involves resource constrained devices connecting to each other with a capability of sending data, and some with receiving data at the same time. The IoT environment enhances user experience by giving room to a large number of smart devices to connect and share information. However, with the sophistication of technology has resulted in IoT applications facing with malware threat. Therefore, it becomes highly imperative to give an understanding of existing state-of-the-art techniques developed to address malware threat in IoT applications. In this paper, we studied extensively the adoption of static, dynamic and hybrid malware analyses in proffering solution to the security problems plaguing different IoT applications. The success of the reviewed analysis techniques were observed through case studies from smart homes, smart factories, smart gadgets and IoT application protocols. This study gives a better understanding of the holistic approaches to malware threats in IoT applications and the way forward for strengthening the protection defense in IoT applications.

show abstract

KVMInspector: KVM Based introspection approach to detect malware in cloud environment

Cited by 20 publications

References 15 publications

Malicious behavior detection in cloud using self‐optimized dynamic kernel convolutional neural network

Malicious behavior detection in cloud using self‐optimized dynamic kernel convolutional neural network

Dynamic malware attack dataset leveraging virtual machine monitor audit data for the detection of intrusions in cloud

Malware threat analysis techniques and approaches for IoT applications: a review

Contact Info

Product

Resources

About