Detection of Malware and Kernel-Level Rootkits in Cloud Computing Environments

Abstract

Cyberattacks targeted at virtualization infrastructure underlying cloud computing services has become increasingly sophisticated. This paper presents a novel malware and rookit detection system which protects the guests against different attacks. It combines system call monitoring and system call hashing on the guest kernel together with Support Vector Machines (SVM)-based external monitoring on the host. We demonstrate the effectiveness of our solution by evaluating it against well-known user-level malware as well as kernel-level rootkit attacks.