VAED: VMI‐assisted evasion detection approach for infrastructure as a service cloud. (28th March 2017)
- Record Type:
- Journal Article
- Title:
- VAED: VMI‐assisted evasion detection approach for infrastructure as a service cloud. (28th March 2017)
- Main Title:
- VAED: VMI‐assisted evasion detection approach for infrastructure as a service cloud
- Authors:
- Mishra, Preeti
Pilli, Emmanuel S.
Varadharajan, Vijay
Tupakula, Udaya
- Abstract:
- Summary: Cloud computing provides on demand provisioning of resources mostly offered as Infrastructure as a Service. The flexibility in services has opened doors for attackers. Research has been performed to detect various malware in the last few years. However, modern malware are advanced enough to detect the presence of virtualization environment, security analyzer, or even the hypervisor by observing the virtualization‐specific information such as virtual processor features, timing features, etc. The malware exhibit evasive nature and can fool existing security solutions by performing modern antidetection tactics. In this paper, we propose an approach named as VMI‐assisted evasion detection (VAED), deployed at virtual machine monitor, to detect the evasion‐based malware attacks. The VAED is based on learning the program semantic of evasive malware. It uses system call dependency graph approach generated using Markov Chain principle and keeps track of system call ordering with transition probability distribution between each pair system calls. It uses software break point injection technique to extract the system call traces of evasive malware samples, which is free from any modification in hardware‐specific values. Hence, it is secure from evasion attempts. The VAED is validated over evasive samples collected from the University of California on request, and results seem to be promising.
- Is Part Of:
- Concurrency and computation. Volume 29:Number 12(2017)
- Journal:
- Concurrency and computation
- Issue:
- Volume 29:Number 12(2017)
- Issue Display:
- Volume 29, Issue 12 (2017)
- Year:
- 2017
- Volume:
- 29
- Issue:
- 12
- Issue Sort Value:
- 2017-0029-0012-0000
- Page Start:
- n/a
- Page End:
- n/a
- Publication Date:
- 2017-03-28
- Subjects:
- cloud security, intrusion detection, system call analysis, virtual machine introspection
Parallel processing (Electronic computers) -- Periodicals
Parallel computers -- Periodicals
004.35
- Journal URLs:
- http://onlinelibrary.wiley.com/
- DOI:
- 10.1002/cpe.4133
- Languages:
- English
- ISSNs:
- 1532-0626
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3405.622000
British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store
- Ingest File:
- 2786.xml