Cyberattacks targeted at virtualization infrastructure underlying cloud computing services has become increasingly sophisticated. This paper presents a novel malware and rookit detection system which protects the guests against different attacks. It combines system call monitoring and system call hashing on the guest kernel together with Support Vector Machines (SVM)-based external monitoring on the host. We demonstrate the effectiveness of our solution by evaluating it against well-known user-level malware as well as kernel-level rootkit attacks.
- virtualization security
- cloud security
- malware detection
- rootkit detection
- support vector machine
- virtual machine introspection
Win, T. Y., Tianfield, H., & Mair, Q. (2015). Detection of malware and kernel-level rootkits in cloud computing environments. In 2015 IEEE 2nd International Conference on Cyber Security and Cloud Computing (pp. 295-300). IEEE. https://doi.org/10.1109/CSCloud.2015.54