*WINNER* Analyzing Machine Learning Approaches for Online Malware Detection in Cloud
Abstract
The number of services offered by cloud service providers (CSPs) has recently exploded. These services have created numerous opportunities for enterprise infrastructure to become cloud-based and, in turn, have helped enterprises offer services to their customers easily and flexibly. The practice of renting out access to servers to clients for computing and storage purposes is known as Infrastructure as a Service (IaaS). The popularity of IaaS has raised serious concerns about the security of such services. In particular, malicious entities often use malware against cloud services in order to compromise sensitive data or to obstruct the functionality of these services. In response, malware detection for cloud environments has become a widely researched topic, with numerous methods being proposed. In this paper, we present an online malware detection method based on performance metrics and analyze the effectiveness of different baseline machine learning models, including Support Vector Classifier (SVC), Random Forest Classifier (RFC), K-Nearest Neighbor (KNN), Gradient Boosted Classifier (GBC), Gaussian Naive Bayes (GNB) and Convolutional Neural Networks (CNN). Our results show that neural network models can accurately detect the effects that malware has on the performance metrics of virtual machines in the cloud, and are therefore better suited to detect malware. Our models were trained, validated, and tested using a dataset of 40,680 malicious and benign samples. This dataset was compiled by conducting 113 experiments, each 60 minutes long, and collecting process-level features.