Online Malware Detection In Cloud Auto-Scaling Systems Using Shallow Convolutional Neural Networks

This paper introduces a novel online malware detection approach in cloud by leveraging one of its unique characteristics-autoscaling. Auto-scaling in cloud allows for maintaining an optimal number of running VMs based on load, by dynamically adding or terminating VMs. Our detection system is online because it detects malicious behavior while the system is running. Malware detection is performed by utilizing process-level performance metrics to model a Convolutional Neural Network (CNN). We initially employ a 2d CNN approach which trains on individual samples of each of the VMs in an auto-scaling scenario. That is, there is no correlation between samples from different VMs during the training phase. We enhance the detection accuracy by considering the correlations between multiple VMs through a sample pairing approach. Experiments are performed by injecting malware inside one of the VMs in an auto-scaling scenario. We show that our standard 2d CNN approach reaches an accuracy of similar or equal to 90%. However, our sample pairing approach significantly improves the accuracy to similar or equal to 97%.