Evaluation of applicability of modified vector space representation for in-VM malicious activity detection in Cloud
Authors: Bhavesh Borisaniya, Kevin Patel, D. Patel
Venue: 2014 Annual IEEE India Conference (INDICON), published 2014-12-01
DOI: 10.1109/INDICON.2014.7030588 (https://doi.org/10.1109/INDICON.2014.7030588)
Source: Semantic Scholar record (citation count at time of record: 6)
Malware writers use increasingly complex evasion mechanisms to ensure the concealment of malware against standard anti-malware suites. Identifying malware through its behaviour, rather than its approach, is an interesting avenue of exploration. System call traces are highly indicative of a process's behaviour. However, it is difficult to acquire the system calls of all processes running on a physical machine. Fortunately, the same cannot be said for virtual machines, owing to the advancement of Virtual Machine Introspection (VMI) techniques. This opens up the possibility of utilizing system call information for malicious activity detection. In this paper, we study different representations of system call information and evaluate their applicability for in-VM malicious activity detection in a Cloud environment.