1. Malware detection for container runtime based on virtual machine introspection.
- Author
- He, Xinfeng and Li, Riyang
- Subjects
- *VIRTUAL machine systems, *CONVOLUTIONAL neural networks, *MALWARE, *INTROSPECTION, *HYPERVISOR (Computer software), *GRAYSCALE model
- Abstract
The isolation technique of containers introduces uncertain security risks to malware detection in the current container environment. In this paper, we propose a framework called Malware Detection for Container Runtime based on Virtual Machine Introspection (MDCRV) to detect in-container malware. MDCRV can automatically export the memory snapshots by using virtual machine introspection in container-in-virtual-machine architecture and reconstruct container semantics from memory snapshots. Although in-container malware might escape from the isolating measures of the container, our detecting program which benefits from the isolation of the hypervisor still can work well. Additionally, we propose a container process visualization approach to improve the efficiency of analyzing the binary execution information of container runtime. We convert the live processes of in-container malware and benign application to grayscale images and employ the convolutional neural network to extract malware features from the self-constructed dataset. The experimental results show that MDCRV achieves high accuracy while improving security. [ABSTRACT FROM AUTHOR]
- Published
- 2024