Online Malware Classification with System-Wide System Calls in Cloud IaaS

by   Phillip Brown, et al.

Accurately classifying malware in an environment allows the creation of better response and remediation strategies by cyber analysts. However, classifying malware in a live environment is a difficult task due to the large number of system data sources. Collecting statistics from these separate sources and processing them together in a form that can be used by a machine learning model is difficult. Fortunately, all of these resources are mediated by the operating system's kernel. User programs, malware included, interacts with system resources by making requests to the kernel with system calls. Collecting these system calls provide insight to the interaction with many system resources in a single location. Feeding these system calls into a performant model such as a random forest allows fast, accurate classification in certain situations. In this paper, we evaluate the feasibility of using system call sequences for online malware classification in both low-activity and heavy-use Cloud IaaS. We collect system calls as they are received by the kernel and take n-gram sequences of calls to use as features for tree-based machine learning models. We discuss the performance of the models on baseline systems with no extra running services and systems under heavy load and the performance gap between them.


page 1

page 2

page 3

page 4


Analyzing Machine Learning Approaches for Online Malware Detection in Cloud

The variety of services and functionality offered by various cloud servi...

A Benchmark API Call Dataset for Windows PE Malware Classification

The use of operating system API calls is a promising task in the detecti...

Malware Classification with Word Embedding Features

Malware classification is an important and challenging problem in inform...

An Ensemble of Pre-trained Transformer Models For Imbalanced Multiclass Malware Classification

Classification of malware families is crucial for a comprehensive unders...

CNN vs ELM for Image-Based Malware Classification

Research in the field of malware classification often relies on machine ...

Reliable Malware Analysis and Detection using Topology Data Analysis

Increasingly, malwares are becoming complex and they are spreading on ne...

In-The-Field Monitoring of Functional Calls: Is It Feasible?

Collecting data about the sequences of function calls executed by an app...

Please sign up or login with your details

Forgot password? Click here to reset