Malware Classification Using Deep Learning in Cloud Environments
Abstract
Cloud infrastructure is vulnerable to malware due to its exposure to external adversaries, making it a lucrative attack vector for malicious actors. A datacenter infected with malware can cause data loss and/or major disruptions to service for its users. This work analyzes and compares various deep learning and machine learning methods within the scope of malware classification. The classification is based on behavioural data using process-level and system-wide performance metrics, including CPU usage, memory usage, disk usage, etc. These machine learning models are designed to extract features from data gathered from live malware running in a real cloud environment. Experiments are performed on an OpenStack (a hypervisor) testbed designed to simulate cloud environment scenarios. Comparative analysis is performed for different machine learning models.