Journal title: International Journal of Computer Science and Network Security
Print ISSN: 1738-7906
Publication year: 2018
Volume: 18
Issue: 7
Pages: 96-102
Publisher: International Journal of Computer Science and Network Security
Abstract: Static malware analysis cannot identify malware that uses encryption or shell technology. Traditional dynamic malware analysis has fingerprints, such as using hooks to monitor function calls, which can be recognised and tampered with by malware. To address this issue, this paper proposes a dynamic malware detection mechanism based on the cloud environment. Malware runs at the guest level while malware monitoring is conducted at the hypervisor level, so the malware execution and monitoring environments are isolated. The breakpoint injection technology is utilised to capture the kernel function calls so that malware behaviours, such as processes, file access, registries and system services, can be monitored and a log is generated. The log is processed to extract four dimensions of information, which are utilised as the input for the deep learning network. The deep learning network, trained on a large number of samples, can recognise and output the malware types with an accuracy as high as 97.3%.
Keywords: dynamic malware detection; deep learning; guest monitoring