Title :
Evaluation of applicability of modified vector space representation for in-VM malicious activity detection in Cloud
Author :
Borisaniya, B. ; Patel, K. ; Patel, D.
Author_Institution :
Comput. Eng. Dept., NIT Surat, Surat, India
Abstract :
Malware writers use increasingly complex evasion mechanisms to ensure the concealment of malware against standard anti-malware suites. Identifying malware through its behaviour, rather than its approach, is an interesting avenue of exploration. System call traces are highly indicative of a process's behaviour. However, it is difficult to acquire system calls of all processes running on a physical machine. Fortunately, the same cannot be said for virtual machines, owing to the advancement of Virtual Machine Introspection (VMI) techniques. This opens up the possibility of utilizing system call information for malicious activity detection. In this paper, we study different representations of system call information and evaluate their applicability for in-VM malicious activity detection in a Cloud environment.
Keywords :
cloud computing; invasive software; virtual machines; applicability evaluation; cloud computing; complex evasion mechanisms; in-VM malicious activity detection; malware concealment; malware identification; modified vector space representation; standard antimalware suites; system call information utilization; system call traces; virtual machine introspection techniques; Cloud computing; Information retrieval; Kernel; Malware; Testing; Vectors; Virtual machining; Cloud; System call traces; Vector Space Model; Virtual Machine Introspection;
Conference_Title :
India Conference (INDICON), 2014 Annual IEEE
Conference_Location :
Pune
Print_ISBN :
978-1-4799-5362-2
DOI :
10.1109/INDICON.2014.7030588