Malware Detection Based on Dynamic Multi-Feature Using Ensemble Learning at Hypervisor

Jian Zhang, Cheng Gao, Liangyi Gong, Zhaojun Gu, Dapeng Man, Wu Yang, Xiaojiang Du

Research output: Contribution to journal › Conference article › peer-review

5 Scopus citations

Abstract

More data and applications are moving to the cloud, which presents many new security risks. Malware is one of the most significant threats to cloud computing. In this paper, we explore the use of virtual machine introspection (VMI) and memory forensics analysis (MFA) techniques to detect malware running in guest virtual machines. Our scheme differs from existing virtualization-based malware detection methods in three aspects. First, this paper combines VMI with MFA to extract multiple types of features from the guest virtual machine at the same time, which effectively minimizes the data acquisition overhead. Second, compared with detection methods based on a single dynamic feature or on multiple static features, our data acquisition method employs multiple types of dynamic features and effectively improves the detection of sophisticated malware. Finally, we use the AdaBoost ensemble learning method together with a voting combination strategy to improve the accuracy and generalization ability of the overall classifier. Experimental results on a large set of real-world malware show that our scheme achieves a detection accuracy of 0.9975. Our approach improves virtual machine security and thereby further enhances the security of the cloud computing environment.

Original language: English
Article number: 8648070
Journal: Proceedings - IEEE Global Communications Conference, GLOBECOM
DOIs
State: Published - 2018
Event: 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Abu Dhabi, United Arab Emirates
Duration: 9 Dec 2018 – 13 Dec 2018

Keywords

  • Dynamic Multi-feature
  • Ensemble learning
  • Malware detection
  • Memory forensics analysis
  • Virtual machine introspection
