VAED: VMI-assisted evasion detection approach for infrastructure as a service cloud

Preeti Mishra, Emmanuel S. Pilli*, Vijay Varadharajan, Udaya Tupakula

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

16 Citations (Scopus)

Abstract

Cloud computing provides on demand provisioning of resources mostly offered as Infrastructure as a Service. The flexibility in services has opened doors for attackers. Research has been performed to detect various malware in the last few years. However, modern malware are advanced enough to detect the presence of virtualization environment, security analyzer, or even the hypervisor by observing the virtualization-specific information such as virtual processor features, timing features, etc. The malware exhibit evasive nature and can fool existing security solutions by performing modern antidetection tactics. In this paper, we propose an approach named as VMI-assisted evasion detection (VAED), deployed at virtual machine monitor, to detect the evasion-based malware attacks. The VAED is based on learning the program semantic of evasive malware. It uses system call dependency graph approach generated using Markov Chain principle and keeps track of system call ordering with transition probability distribution between each pair system calls. It uses software break point injection technique to extract the system call traces of evasive malware samples, which is free from any modification in hardware-specific values. Hence, it is secure from evasion attempts. The VAED is validated over evasive samples collected from the University of California on request, and results seem to be promising.

Original languageEnglish
Article numbere4133
Pages (from-to)1-21
Number of pages21
JournalConcurrency Computation
Volume29
Issue number12
DOIs
Publication statusPublished - 25 Jun 2017

Keywords

  • cloud security
  • intrusion detection
  • system call analysis
  • virtual machine introspection

Fingerprint

Dive into the research topics of 'VAED: VMI-assisted evasion detection approach for infrastructure as a service cloud'. Together they form a unique fingerprint.

Cite this