Home > Research > Publications & Outputs > Malware detection in the cloud under ensemble e...

Links

Text available via DOI:

View graph of relations

Malware detection in the cloud under ensemble empirical mode decomposition

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paperpeer-review

Published
Close
Publication date02/2015
Host publicationProceedings of 6th International Conference on Computing, Networking and Communications, IEEE ICNC 2015
PublisherIEEE
Pages82-88
Number of pages7
ISBN (print)9781479969593
<mark>Original language</mark>English

Abstract

Cloud networks underpin most of todays' socio-economical Information Communication Technology (ICT) environments due to their intrinsic capabilities such as elasticity and service transparency. Undoubtedly, this increased dependence of numerous always-on services with the cloud is also subject to a number of security threats. An emerging critical aspect is related with the adequate identification and detection of malware. In the majority of cases, malware is the first building block for larger security threats such as distributed denial of service attacks (e.g. DDoS); thus its immediate detection is of crucial importance. In this paper we introduce a malware detection technique based on Ensemble Empirical Mode Decomposition (E-EMD) which is performed on the hypervisor level and jointly considers system and network information from every Virtual Machine (VM). Under two pragmatic cloud-specific scenarios instrumented in our controlled experimental testbed we show that our proposed technique can reach detection accuracy rates over 90% for a range of malware samples. In parallel we demonstrate the superiority of the introduced approach after comparison with a covariance-based anomaly detection technique that has been broadly used in previous studies. Consequently, we argue that our presented scheme provides a promising foundation towards the efficient detection of malware in modern virtualized cloud environments.