TY - JOUR
T1 - MDCD
T2 - A malware detection approach in cloud using deep learning
AU - Tian, Donghai
AU - Zhao, Runze
AU - Ma, Rui
AU - Jia, Xiaoqi
AU - Shen, Qi
AU - Hu, Changzhen
AU - Liu, Wenmao
N1 - Publisher Copyright: © 2022 John Wiley & Sons, Ltd.
PY - 2022/11
Y1 - 2022/11
N2 - With the increasing popularity of cloud computing applications, the threat of malware attack against cloud environments is getting worse. To defend against malware attacks in the cloud, some virtualization-based approaches are proposed. However, the existing methods suffer from limitations in terms of detection accuracy, deployment effort, and performance cost. To address these issues, we propose MDCD, a novel dynamic malware detection solution for cloud environments. This method first utilizes a lightweight agent to collect the run-time utilization information from the target virtual machine (VM). Then, it leverages the memory forensics analysis technique to extract the memory object information from the target VM's memory. To fully make use of the run-time utilization and memory object information for malware detection, we propose a multi-CNN model, which combines multiple convolutional neural networks (CNNs) efficiently. The evaluation shows that our approach can achieve an average detection accuracy, precision, recall, and F1 Score of 98.89%, 97.01%, 98.17%, and 97.89% respectively. Compared with the existing solutions, our method can detect multiple malicious processes effectively with little deployment effort.
UR - http://www.scopus.com/inward/record.url?scp=85132075843&partnerID=8YFLogxK
U2 - 10.1002/ett.4584
DO - 10.1002/ett.4584
M3 - Article
AN - SCOPUS:85132075843
SN - 2161-5748
VL - 33
JO - Transactions on Emerging Telecommunications Technologies
JF - Transactions on Emerging Telecommunications Technologies
IS - 11
M1 - e4584
ER -