Designing in-VM-assisted lightweight agent-based malware detection framework for securing virtual machines in cloud computing
International Journal of Information Security (IF 3.2), Pub Date: 2019-06-26, DOI: 10.1007/s10207-019-00447-w
Rajendra Patil , Harsha Dudeja , Chirag Modi

The security of cloud services and their underlying resources is a major concern because of vulnerabilities in current implementations of virtualization. There is therefore a need to detect system-level attacks such as viruses, worms, and other malware. In this paper, we extend our previous work on vulnerability assessment and patching by integrating an in-VM-assisted agent-based malware detection (AMD) framework for securing high-risk virtual machines (VMs) in the cloud. The proposed framework has two components: an agent in the VM and anomaly detection at the hypervisor. The agent continuously watches for newly deployed executables in the VM and applies signature-based detection to identify known malware. To detect unknown attacks, it generates a profile of optimal static features for each new executable. The optimal features are selected using an extended binary bat algorithm with two new fitness functions. The profile is transferred to the hypervisor, where anomaly detection using a random forest classifier is applied. The classifier labels the executable as either normal or malware and generates an alert to the VM user. The functionality of the proposed AMD framework is validated on a cloud testbed at NIT Goa as well as on the latest malware datasets. In addition, we analyze the VM security requirements fulfilled by the proposed framework.

Chinese translation:

Design of an in-VM, lightweight agent-based malware detection framework to protect virtual machines in cloud computing

Because vulnerabilities exist in current implementations of virtualization, the security of cloud services and underlying resources is a major concern. Therefore, system-level attacks such as viruses, worms, and malware need to be detected. In this paper, we extend our previous vulnerability assessment and patching work by integrating an in-VM, agent-based malware detection (AMD) framework for protecting high-risk virtual machines (VMs) in the cloud. The proposed framework has two components, namely an agent on the VM and anomaly detection on the hypervisor. The agent continuously looks for newly deployed executables in the VM and applies signature-based detection to detect known malware. To detect unknown attacks, it generates a profile with optimal static features for the new executable. The optimal features are derived using an extended binary bat algorithm with two new fitness functions. The profile is transferred to the hypervisor, where anomaly detection using a random forest classifier is applied. It classifies the executable as either a normal file or malware and generates an alert to the VM user. The functionality of the proposed AMD framework has been validated on a cloud testbed at NIT Goa and on the latest malware datasets. In addition, we analyze the VM security requirements satisfied by the proposed framework.
Updated: 2019-06-26