Securing virtual execution environments through machine learning-based intrusion detection

Virtualization has gained tremendous traction as the go-to computing technology due to many advantages it offers such as server consolidation, increased reliability and availability, and enhanced security through isolation of virtual machines. Within a virtual machine itself, securing workloads against cyber attacks becomes an increasingly critical task. In this paper, we present the application of machine learning and anomaly detection to automatically detect malicious attacks on typical server workloads running on virtual machines. An integral aspect of the work is finding the right set of features that can be used to distinguish normal from malicious activity.