Foreign-language journal: IEEE Transactions on Industrial Informatics

VMShield: Memory Introspection-Based Malware Detection to Secure Cloud-Based Services Against Stealthy Attacks


Abstract

With the rapid evolution of the industrial Internet, cloud service has emerged as a next-generation industrial standard that has the potential to revolutionize and transform the enterprise industry. In recent years, numerous enterprises have acknowledged the benefits of cloud-based service models. However, security issues, such as stealthy malware attacks against virtual domains, are a major concern. In this article, we propose an introspection-based security approach, called VMShield, for securing virtual domains in a cloud-based service platform; it is designed to detect malware in cloud infrastructure. VMShield performs virtual memory introspection from the hypervisor (trusted domain) to collect the run-time behavior of processes, making it impossible for the malware to evade the security tool. The use of introspection makes the proposed approach a better choice than traditional static and dynamic state-of-the-art techniques, which fail to detect stealthy attacks. VMShield extracts system call features using the Bag of n-gram approach and selects important features using the meta-heuristic algorithm, binary particle swarm optimization. A Random Forest (RF) classifier is used to classify the monitored programs into benign and malign processes, making it capable of detecting variants of malware, an advantage over the typical signature-matching approach. The University of New Mexico (UNM) Dataset and Bare cloud Dataset (University of California) have been used for the demonstration and validation of VMShield. The results prove that VMShield achieves a higher attack detection rate and reduced storage compared to previously proposed techniques.