6 research outputs found
Analyzing CNN Based Behavioural Malware Detection Techniques on Cloud IaaS
Cloud Infrastructure as a Service (IaaS) is vulnerable to malware due to its
exposure to external adversaries, making it a lucrative attack vector for
malicious actors. A datacenter infected with malware can cause data loss and/or
major disruptions to service for its users. This paper analyzes and compares
various Convolutional Neural Networks (CNNs) for online detection of malware in
cloud IaaS. The detection is performed based on behavioural data using
process-level performance metrics including CPU usage, memory usage, disk usage
etc. We have used the state-of-the-art DenseNets and ResNets in effectively
detecting malware in an online cloud system. CNNs are designed to extract
features from data gathered from live malware running on a real cloud
environment. Experiments are performed on an OpenStack (a cloud IaaS software)
testbed designed to replicate a typical 3-tier web architecture. Comparative
analysis is performed for different metrics for different CNN models used in
this research.
Coulomb dissociation of O-16 into He-4 and C-12
We measured the Coulomb dissociation of O-16 into He-4 and C-12 within the FAIR Phase-0 program at GSI Helmholtzzentrum für Schwerionenforschung Darmstadt, Germany. From this we will extract the photon dissociation cross section O-16(alpha,gamma)C-12, which is the time-reversed reaction to C-12(alpha,gamma)O-16. With this indirect method, we aim to improve on the accuracy of the experimental data at lower energies than measured so far. The expected low cross section for the Coulomb dissociation reaction and close magnetic rigidity of beam and fragments demand a high-precision measurement. Hence, new detector systems were built and radical changes to the R3B setup were necessary to cope with the high-intensity O-16 beam. All tracking detectors were designed to let the unreacted O-16 ions pass, while detecting the C-12 and He-4
Detection of Running Malware Before it Becomes Malicious
As more vulnerabilities are being discovered every year [17], malware constantly evolves, forcing improvements and updates of security and malware detection mechanisms. Malware is used directly on the attacked systems, thus anti-virus solutions tend to neutralize malware by not letting it launch or even be stored in the system. However, if malware is launched, it is important to stop it as soon as the maliciousness of a new process has been detected. Following the results from [8], in this paper we show that it is possible to detect running malware before it becomes malicious. We propose a novel malware detection approach that is capable of detecting Windows malware at the earliest stage of execution. An accuracy of more than 99% has been achieved by finding distinctive low-level behavior patterns generated before malware reaches its entry point. We also study the ability of our approach to detect malware after it reaches its entry point and to distinguish between benign executables and 10 malware families.