CloudIDEA: A Malware Defense Architecture for Cloud Data Centers

Fischer, Andreas; Kittel, Thomas; Kolosnjaji, Bojan; Lengyel, Tamas K.; Mandarawi, Waseem; Meer, Hermann de; Müller, Tilo; Protsenko, Mykola; Reiser, Hans P.; Taubmann, Benjamin; Weishäupl, Eva

doi:10.1007/978-3-319-26148-5_40

Cited by 7 publications

(3 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Fischer et al 92 developed a structure to provide safety for malware protection in cloud settings. The lightweight attack observed by evidence collection, immediate separation, and thorough VM analysis of VMs was combined with the proposed algorithm on the dedicated analysis hosts.…”

Section: Virtual Machines or Hypervisor-based Intrusion Detection Systemmentioning

confidence: 99%

Intrusion detection systems in the cloud computing: A comprehensive and deep literature review

Liu

Cheng

et al. 2021

Concurrency and Computation

View full text Add to dashboard Cite

Abrupt development of resources and rising expenses of infrastructure are leading institutions to take on cloud computing. Albeit, the cloud environment is vulnerable to various sorts of attacks. So, recognizing malicious software is one of the principal challenges in cloud security governance. Intrusion detection system (IDS) has turned to the most generally utilized element of computer system security that asserts the cloud from diverse sorts of attacks and threats. As evident, no systematic literature review exists that focuses on cloud computing usage within IDS processes. The previous investigations had not considered the statistical analysis method. Hence, this paper examined the IDS mechanisms in cloud computing systematically. Twenty-two articles have been obtained using defined filters divided into four sections: hypervisor-based IDS, network-based IDS, machine learning-based IDS, and hybrid IDS. The comparison is performed depending on the outcomes illustrated in the investigations. It demonstrates that IDS precision, inclusiveness, overhead, and reaction time have been discussed in many studies. Simultaneously, less attention has been paid to cost-sensitivity, functioning, attack tolerance, and intrusion facing. This paper has made an excellent effort to organize literature drawn from multiple sources into a manuscript.

show abstract

Section: Virtual Machines or Hypervisor-based Intrusion Detection Systemmentioning

confidence: 99%

Intrusion detection systems in the cloud computing: A comprehensive and deep literature review

Liu

Cheng

et al. 2021

Concurrency and Computation

View full text Add to dashboard Cite

show abstract

“…[27] proposed a mechanism to verify the integrity of user and kernel code at runtime in page granularity. [50] described a framework that combines intrusion monitoring, evidence preservation, in-depth log analysis and decision making on suspicious events handling for guest VMs.…”

Section: A Vmi-based Intrusion Protectionmentioning

confidence: 99%

VirtAV: an Agentless Runtime Antivirus System for Virtual Machines

2017

KSII TIIS

View full text Add to dashboard Cite

Antivirus is an important issue to the security of virtual machine (VM). According to where the antivirus system resides, the existing approaches can be categorized into three classes: internal approach, external approach and hybrid approach. However, for the internal approach, it is susceptible to attacks and may cause antivirus storm and rollback vulnerability problems. On the other hand, for the external approach, the antivirus systems built upon virtual machine introspection (VMI) technology cannot find and prohibit viruses promptly. Although the hybrid approach performs virus scanning out of the virtual machine, it is still vulnerable to attacks since it completely depends on the agent and hooks to deliver events in the guest operating system. To solve the aforementioned problems, based on in-memory signature scanning, we propose an agentless runtime antivirus system VirtAV, which scans each piece of binary codes to execute in guest VMs on the VMM side to detect and prevent viruses. As an external approach, VirtAV does not rely on any hooks or agents in the guest OS, and exposes no attack surface to the outside world, so it guarantees the security of itself to the greatest extent. In addition, it solves the antivirus storm problem and the rollback vulnerability problem in virtualization environment. We implemented a prototype based on Qemu/KVM hypervisor and ClamAV antivirus engine. Experimental results demonstrate that VirtAV is able to detect both user-level and kernel-level virus programs inside Windows and Linux guest, no matter whether they are packed or not. From the performance aspect, the overhead of VirtAV on guest performance is acceptable. Especially, VirtAV has little impact on the performance of common desktop applications, such as video playing, web browsing and Microsoft Office series.

show abstract

“…Certain current models which are capable of protecting the hypervisor in a range of scenarios as shown in Figure 1. The CloudIDEA's is used to identify malware injection attacks by monitoring and tracking Virtual Machines (10) . Virtual machines must be secured in case an attacker gains control and may affect the hypervisor (11) .…”

Section: Introductionmentioning

confidence: 99%

Securing Hypervisors in Cloud Computing Environments against Malware Injection

Qurashi

2023

IJST

View full text Add to dashboard Cite

Objectives:The primary objectives of this research are to address the security concerns related to cloud computing, emphasising attacks that target different hypervisor layers. The goal is to propose a revolutionary approach called "hGuard," that provides a thorough protection mechanism against malware attacks across several hypervisor levels. Additionally, the research aims to establish this method's ability to improve cybersecurity in cloud systems and show its efficacy through practical studies. Methods: The study combines theoretical analysis with actual experimentation to accomplish its objectives. The "hGuard" approach that is being proposed was developed to defend against attacks on several hypervisor levels. The strategy produces an output that the data mining algorithm, such as Apriori uses to predict potential attacks. Through this association, it is now possible to simultaneously anticipate and stop malware injection attempts at various hypervisor layers. Empirical tests that simulate attacks and examine real-world situations provide quantitative information on the method's performance. Findings: The "hGuard" approach achieves a 95% detection accuracy for identifying malware injection attacks, with a 3% false positive rate for minimal misclassifications of non-attacks. It also demonstrates an 5% false negative rate, reducing errors in categorizing actual attacks. Additionally, the approach boasts an efficient 20 ms execution time, ensuring rapid processing and prediction of potential attacks. Novelty: The novelty of this research lies in the development of the "hGuard" method, which addresses a crucial gap in existing security approaches. Unlike conventional methods that tackle hypervisor levels individually, the proposed approach offers a holistic defense mechanism capable of countering malware attacks targeting multiple levels simultaneously. The integration of the Apriori technique for attack prediction further enhances its novelty by providing a data-driven approach to proactive cybersecurity. The empirical validation of the method's effectiveness contributes to its novelty, showcasing its potential as a valuable tool for detecting and preventing malware attacks in cloud computing. Furthermore, the research suggests avenues for extending the application of the "hGuard" method to other domains within the realm of cybersecurity.

show abstract

CloudIDEA: A Malware Defense Architecture for Cloud Data Centers

Cited by 7 publications

References 38 publications

Intrusion detection systems in the cloud computing: A comprehensive and deep literature review

Intrusion detection systems in the cloud computing: A comprehensive and deep literature review

VirtAV: an Agentless Runtime Antivirus System for Virtual Machines

Securing Hypervisors in Cloud Computing Environments against Malware Injection

Contact Info

Product

Resources

About