Analyzing CNN Based Behavioural Malware Detection Techniques on Cloud IaaS
It addresses malware threats for cloud infrastructure users, but the approach is incremental as it applies existing CNN methods to this specific domain.
This paper tackles the problem of malware detection in cloud IaaS by analyzing and comparing various CNN models, such as DenseNets and ResNets, using behavioral data like CPU and memory usage, achieving effective detection in an online cloud environment tested on an OpenStack setup.
Cloud Infrastructure as a Service (IaaS) is vulnerable to malware due to its exposure to external adversaries, making it a lucrative attack vector for malicious actors. A datacenter infected with malware can cause data loss and/or major disruptions to service for its users. This paper analyzes and compares various Convolutional Neural Networks (CNNs) for online detection of malware in cloud IaaS. The detection is performed based on behavioural data using process level performance metrics including cpu usage, memory usage, disk usage etc. We have used the state of the art DenseNets and ResNets in effectively detecting malware in online cloud system. CNN are designed to extract features from data gathered from a live malware running on a real cloud environment. Experiments are performed on OpenStack (a cloud IaaS software) testbed designed to replicate a typical 3-tier web architecture. Comparative analysis is performed for different metrics for different CNN models used in this research.