Final published version
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
}
TY - GEN
T1 - Malware detection in the cloud under ensemble empirical mode decomposition
AU - Marnerides, Angelos
AU - Spachos, Petros
AU - Chatzimisios, Periklis
AU - Mauthe, Andreas Ulrich
PY - 2015/2
Y1 - 2015/2
N2 - Cloud networks underpin most of todays' socio-economical Information Communication Technology (ICT) environments due to their intrinsic capabilities such as elasticity and service transparency. Undoubtedly, this increased dependence of numerous always-on services with the cloud is also subject to a number of security threats. An emerging critical aspect is related with the adequate identification and detection of malware. In the majority of cases, malware is the first building block for larger security threats such as distributed denial of service attacks (e.g. DDoS); thus its immediate detection is of crucial importance. In this paper we introduce a malware detection technique based on Ensemble Empirical Mode Decomposition (E-EMD) which is performed on the hypervisor level and jointly considers system and network information from every Virtual Machine (VM). Under two pragmatic cloud-specific scenarios instrumented in our controlled experimental testbed we show that our proposed technique can reach detection accuracy rates over 90% for a range of malware samples. In parallel we demonstrate the superiority of the introduced approach after comparison with a covariance-based anomaly detection technique that has been broadly used in previous studies. Consequently, we argue that our presented scheme provides a promising foundation towards the efficient detection of malware in modern virtualized cloud environments.
AB - Cloud networks underpin most of todays' socio-economical Information Communication Technology (ICT) environments due to their intrinsic capabilities such as elasticity and service transparency. Undoubtedly, this increased dependence of numerous always-on services with the cloud is also subject to a number of security threats. An emerging critical aspect is related with the adequate identification and detection of malware. In the majority of cases, malware is the first building block for larger security threats such as distributed denial of service attacks (e.g. DDoS); thus its immediate detection is of crucial importance. In this paper we introduce a malware detection technique based on Ensemble Empirical Mode Decomposition (E-EMD) which is performed on the hypervisor level and jointly considers system and network information from every Virtual Machine (VM). Under two pragmatic cloud-specific scenarios instrumented in our controlled experimental testbed we show that our proposed technique can reach detection accuracy rates over 90% for a range of malware samples. In parallel we demonstrate the superiority of the introduced approach after comparison with a covariance-based anomaly detection technique that has been broadly used in previous studies. Consequently, we argue that our presented scheme provides a promising foundation towards the efficient detection of malware in modern virtualized cloud environments.
U2 - 10.1109/ICCNC.2015.7069320
DO - 10.1109/ICCNC.2015.7069320
M3 - Conference contribution/Paper
SN - 9781479969593
SP - 82
EP - 88
BT - Proceedings of 6th International Conference on Computing, Networking and Communications, IEEE ICNC 2015
PB - IEEE
ER -