• DocumentCode
    255684
  • Title

    Evaluation of applicability of modified vector space representation for in-VM malicious activity detection in Cloud

  • Author

    Borisaniya, B. ; Patel, K. ; Patel, D.

  • Author_Institution
    Comput. Eng. Dept., NIT Surat, Surat, India
  • fYear
    2014
  • fDate
    11-13 Dec. 2014
  • Firstpage
    1
  • Lastpage
    6
  • Abstract
    Malware writers use increasingly complex evasion mechanisms to ensure the concealment of malware against standard anti-malware suites. To identify malware through its behaviour, rather than its approach, is an interesting avenue of exploration. System call traces are highly indicative of a process's behaviour. However, it is difficult to acquire system calls of all processes running on a physical machine. Fortunately, the same cannot be said for the virtual machines, owing to the advancement of Virtual Machine Introspection (VMI) techniques. This opens up the possibility of utilizing system call information for malicious activity detection. In this paper, we study different representations of system call information and evaluate their applicability for in-VM malicious activity detection in Cloud environment.
  • Keywords
    cloud computing; invasive software; virtual machines; applicability evaluation; cloud computing; complex evasion mechanisms; in-VM malicious activity detection; malware concealment; malware identification; modified vector space representation; standard antimalware suites; system call information utilization; system call traces; virtual machine introspection techniques; Cloud computing; Information retrieval; Kernel; Malware; Testing; Vectors; Virtual machining; Cloud; System call traces; Vector Space Model; Virtual Machine Introspection;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    India Conference (INDICON), 2014 Annual IEEE
  • Conference_Location
    Pune
  • Print_ISBN
    978-1-4799-5362-2
  • Type

    conf

  • DOI
    10.1109/INDICON.2014.7030588
  • Filename
    7030588