A market-based approach for detecting malware in the cloud via introspection

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Authors

Colleges, School and Institutes

External organisations

  • Facultad de Ingeniería en Electricidad y Computación
  • ESPOL Polytechnic University

Abstract

Traditional anti-virus (AV) solutions are known for their considerable consumption of resources, limiting their usefulness on the cloud. In contrast, cloud-based lightweight malware monitoring approaches consume fewer resources than a full malware scan would normally require, however, they are often prone to false alarms; limiting their effectiveness. In this paper, such a trade-off is addressed by proposing a prioritisation approach, consisting of two protection layers (i.e. lightweight and full malware scanning) to conduct a scalable and effective malware inspection of the cloud Virtual Machines (VMs). The novel contribution of this paper is a market-inspired mechanism that utilises lightweight scanners to prioritise the AV scanning process, by deciding which VM should be thoroughly scanned and when; it will trigger then a full malware scan on a pre-defined percentage of the most critical VMs. The conducted evaluation shows that the framework provides a cost-effective scanning method, while being able to confirm the infection status of the most critical set of VMs; thus maintaining a low rate of false alarms.

Details

Original languageEnglish
Title of host publicationService-Oriented Computing - 15th International Conference, ICSOC 2017, Proceedings
EditorsMichael Maximilien, Antonio Vallecillo, Jianmin Wang, Marc Oriol
Publication statusPublished - 2017
Event15th International Conference on Service-Oriented Computing, ICSOC 2017 - Malaga, Spain
Duration: 13 Nov 201716 Nov 2017

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume10601 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference15th International Conference on Service-Oriented Computing, ICSOC 2017
CountrySpain
CityMalaga
Period13/11/1716/11/17