Implementing a Novel Malware Detection System in Virtual Machines

Authors

Malik Ashtar University of Technology

Abstract

Today, virtual machines play an important role in the efficient and effective management of resources.
Virtualization is the practice of running multiple virtual machine guests on a single piece of hardware, which
allows the system to make optimal use of its resources. Malware observed in virtual machines exhibits a wide
range of behavior. Often it modifies system objects as a first step, then affects the host operating system of the
virtual machine once that work is complete, and possibly performs some further malicious task in a final step.
In this paper we present a secure method for identifying, classifying and eliminating malware in a virtual
machine. The proposed method, called SSM, first attempts to identify high-risk behaviors using behavioral
profiles and an evaluation of system changes. It then uses the features extracted in this pre-processing stage to
assign samples to malicious groups. Experimental results show that the false-negative rate declines sharply.
The proposed mechanism is implemented on Linux with the Xen virtualization platform and evaluated on
actual samples. Detailed analysis and comparison with current commercial anti-malware show that SSM
performs well at detecting and removing malware in a virtual machine, and reduces the rate of false-negative
samples.
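The abstract describes the general idea of a behavioral profile (what a guest normally does) combined with an evaluation of system-object changes, followed by grouping of flagged samples. The following block is an added illustration of that idea, written for this page; it is not the SSM implementation described in the paper. The syscall names, the benign and suspicious traces, the trigram profile, the 0.5 threshold and the two risk-pattern groups are all constructed assumptions chosen to keep the example self-contained and runnable offline.

```python
"""Toy behavioral-profile detector (illustrative, not the paper's SSM code).

A benign profile is the set of syscall n-grams seen in known-good guest
traces.  A new trace is scored by the fraction of its n-grams that the
profile has never seen; traces above a threshold are flagged high-risk and
then coarsely grouped by which high-risk pattern they contain (for example a
system-object change followed by an attempt to influence the host side).
"""

# Constructed benign traces (hypothetical syscall names) used to build the profile.
BENIGN_TRACES = [
    ["open", "read", "close", "open", "read", "close"],
    ["open", "read", "write", "close"],
    ["socket", "connect", "write", "read", "close"],
    ["open", "read", "close", "socket", "connect", "read", "close"],
]

# Constructed suspicious trace: modifies a system object, then touches the host side.
SUSPICIOUS_TRACE = ["open", "write", "chmod", "close", "ptrace", "mmap", "execve"]

# Hypothetical high-risk behavior patterns (contiguous subsequences) used for grouping.
RISK_PATTERNS = {
    "system_object_change": [("open", "write", "chmod")],
    "host_influence": [("ptrace",), ("mmap", "execve")],
}


def ngrams(trace, n):
    """All contiguous n-grams of a trace, as tuples."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


def build_profile(traces, n=3):
    """Behavioral profile: the set of n-grams observed in benign traces."""
    profile = set()
    for trace in traces:
        profile.update(ngrams(trace, n))
    return profile


def anomaly_score(trace, profile, n=3):
    """Fraction of the trace's n-grams that are absent from the benign profile."""
    grams = ngrams(trace, n)
    if not grams:
        return 0.0
    unseen = sum(1 for g in grams if g not in profile)
    return unseen / len(grams)


def contains_subsequence(trace, pattern):
    """True if `pattern` occurs contiguously anywhere in `trace`."""
    k = len(pattern)
    return any(tuple(trace[i:i + k]) == pattern for i in range(len(trace) - k + 1))


def classify(trace, profile, threshold=0.5, n=3):
    """Return (is_high_risk, matched_groups) for a single trace."""
    high_risk = anomaly_score(trace, profile, n) >= threshold
    groups = [name for name, patterns in RISK_PATTERNS.items()
              if any(contains_subsequence(trace, p) for p in patterns)]
    return high_risk, groups


if __name__ == "__main__":
    profile = build_profile(BENIGN_TRACES)
    for label, trace in (("benign", BENIGN_TRACES[0]), ("suspicious", SUSPICIOUS_TRACE)):
        print(label, anomaly_score(trace, profile), classify(trace, profile))
```

The score is deliberately simple (a trace is risky if most of its n-grams are new to the profile), which is why a realistic deployment needs a large benign corpus: a small profile makes any unusual but legitimate activity look anomalous and inflates false positives, while too large an `n` makes the profile sparse. The grouping step only reports which patterns matched; it does not by itself justify removal of a sample.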

Keywords


Volume 2, Issue 3 - Serial Number 3
February 2020
Pages 23-33
  • Receive Date: 20 April 2014
  • Revise Date: 04 July 2023
  • Accept Date: 19 September 2018
  • Publish Date: 22 November 2014