Analysis of Mobility Algorithms for Forensic Virtual Machine Based Malware Detection

Tom Chothia, Nada Alruhaily, Behzad Bordbar

Research output: Contribution to conference (unpublished)Paperpeer-review

1 Citation (Scopus)


Forensic Virtual Machines are a new technology that replaces signature-based malware detection for the cloud. Forensic Virtual Machines are mini-VMs which are used to identify symptoms of malicious behaviour on customer VMs. Scanning using these mini-VMs consumes less resources than a full scan would and their small size reduces the possibility of the FVMs themselves containing vulnerabilities. A mobility algorithm embedded in every FVM specifies how it chooses which customer VM to scan. Although multiple scanning strategies have been introduced, there is no work which provides a comparison of these strategies. In this paper, we develop a probabilistic approach which tells us which strategy is best for a given cloud environment and particular family of malware. Our framework uses Bayesian probability in addition to a malware knowledge base in order to simulate the scanning process of a number of FVMs.
Original languageEnglish
Publication statusPublished - 3 Dec 2015


Dive into the research topics of 'Analysis of Mobility Algorithms for Forensic Virtual Machine Based Malware Detection'. Together they form a unique fingerprint.

Cite this