Details

MDCD: A malware detection approach in cloud using deep learning (indexed in SCI-EXPANDED; indexed in EI)

Document type: Journal article

English title: MDCD: A malware detection approach in cloud using deep learning

Authors: Tian, Donghai[1,2]; Zhao, Runze[1]; Ma, Rui[1]; Jia, Xiaoqi[1]; Shen, Qi[3]; Hu, Changzhen[1]; Liu, Wenmao[4]

First author: Tian, Donghai

Corresponding author: Shen, Q[1]

Affiliations: [1]Beijing Inst Technol, Beijing Key Lab Software Secur Engn Tech, Beijing, Peoples R China; [2]Chinese Acad Sci, Inst Informat Engn, Key Lab Network Assessment Technol, Beijing, Peoples R China; [3]Beijing Union Univ, Teachers Coll, Beijing 100101, Peoples R China; [4]NSFOCUS Inc, Beijing, Peoples R China

First affiliation: Beijing Inst Technol, Beijing Key Lab Software Secur Engn Tech, Beijing, Peoples R China

Corresponding affiliation: [1]corresponding author), Beijing Union Univ, Teachers Coll, Beijing 100101, Peoples R China.|[1141711]Teachers College, Beijing Union University; [11417]Beijing Union University;

Year: 0

Foreign-language journal name: TRANSACTIONS ON EMERGING TELECOMMUNICATIONS TECHNOLOGIES

Indexed in: EI (accession number: 20222512247667); Scopus (accession number: 2-s2.0-85132075843); WOS: [SCI-EXPANDED (accession number: WOS:000812594800001)];

Funding: National Natural Science Foundation of China, Grant/Award Numbers: 61772078, 61602035; Strategic Priority Research Program of Chinese Academy of Sciences, Grant/Award Number: XDC02010900; Beijing Municipal Science and Technology Commission, Grant/Award Number: Z191100007119010; National Key Research and Development Program of China, Grant/Award Number: 2016QY04W0903; CCF-NSFOCUS Kun-Peng Scientific Research Foundation

Language: English

Abstract: With the increasing popularity of cloud computing applications, the threat of malware attack against cloud environments is getting worse. To defend against malware attacks in the cloud, some virtualization-based approaches are proposed. However, the existing methods suffer from limitations in terms of detection accuracy, deployment effort, and performance cost. To address these issues, we propose MDCD, a novel dynamic malware detection solution for cloud environments. This method first utilizes a lightweight agent to collect the run-time utilization information from the target virtual machine (VM). Then, it leverages the memory forensics analysis technique to extract the memory object information from the target VM's memory. To fully make use of the run-time utilization and memory object information for malware detection, we propose a multi-CNN model, which combines multiple convolutional neural networks (CNNs) efficiently. The evaluation shows that our approach can achieve an average detection accuracy, precision, recall, and F1 Score of 98.89%, 97.01%, 98.17%, and 97.89% respectively. Compared with the existing solutions, our method can detect multiple malicious processes effectively with little deployment effort.
