Proceedings of the First International Conference on Advanced Scientific Innovation in Science, Engineering and Technology, ICASISET 2020, 16-17 May 2020, Chennai, India

Research Article

The Practicality of using Virtual Machine Introspection Technique with Machine Learning Algorithms for the Detection of Intrusions in Cloud

  • @INPROCEEDINGS{10.4108/eai.16-5-2020.2303939,
        author={Alfred Raja Melvin and G Jaspher W Kathrine and J Immanuel  Johnraja},
        title={The Practicality of using Virtual Machine Introspection Technique with Machine Learning Algorithms for the Detection of Intrusions in Cloud},
        proceedings={Proceedings of the First  International Conference on Advanced Scientific Innovation in Science, Engineering and Technology, ICASISET 2020, 16-17 May 2020, Chennai, India},
        publisher={EAI},
        proceedings_a={ICASISET},
        year={2021},
        month={1},
        keywords={virtual machine introspection virtual machine monitor intrusion detection system malware machine learning cloud computing},
        doi={10.4108/eai.16-5-2020.2303939}
    }
    
  • Alfred Raja Melvin
    G Jaspher W Kathrine
    J Immanuel Johnraja
    Year: 2021
    The Practicality of using Virtual Machine Introspection Technique with Machine Learning Algorithms for the Detection of Intrusions in Cloud
    ICASISET
    EAI
    DOI: 10.4108/eai.16-5-2020.2303939
Alfred Raja Melvin1,*, G Jaspher W Kathrine2, J Immanuel Johnraja3
  • 1: Ph.D Scholar, Dept. of CSE, KITS
  • 2: Assistant Professor, Dept. of CSE, KITS
  • 3: Associate Professor, Dept. of CSE, KITS
*Contact email: alfredraja@karunya.edu.in

Abstract

This paper presents a novel pattern generation algorithm for implementing a Virtual Machine Introspection (VMI) based Intrusion Detection System (IDS) for cloud computing. The method uses the Drakvuf VMI technique to gather the behavioral characteristics of malware and benign samples. The behavioral data are then fed to the proposed algorithm, which generates patterns in order to build the dataset. The algorithm generates the frequency distribution of each system call, a SHA256 hash value for the list of file names, and a SHA256 hash value for the list of process names. Finally, the generated dataset is evaluated using Machine Learning (ML) algorithms with 10-fold cross validation. The J48 (C4.5) tree classification algorithm performed well, with high detection accuracy compared to other ML algorithms. The detection accuracy is 99.1379% for a dataset size of 232 instances. As the number of instances in the dataset was increased, the detection accuracy improved to a maximum of 100% for a dataset size of 273 instances.
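The three feature groups named in the abstract can be sketched as follows; this is an added example, not the authors' algorithm or code. The event tuple layout, the fixed system call vocabulary, the use of relative frequencies, and the canonical form hashed for the name lists are all assumptions, and the trace is constructed rather than real Drakvuf output.

```python
import hashlib
from collections import Counter

# Constructed sample events (NOT real Drakvuf output): (process, syscall, file or None)
SAMPLE_TRACE = [
    ("explorer.exe", "NtOpenFile", r"C:\Windows\System32\kernel32.dll"),
    ("explorer.exe", "NtReadFile", r"C:\Windows\System32\kernel32.dll"),
    ("sample.exe", "NtCreateFile", r"C:\Users\test\AppData\a.tmp"),
    ("sample.exe", "NtWriteFile", r"C:\Users\test\AppData\a.tmp"),
    ("sample.exe", "NtWriteFile", r"C:\Users\test\AppData\a.tmp"),
    ("sample.exe", "NtClose", None),
]

# Assumed fixed vocabulary so every sample produces the same dataset columns.
SYSCALL_VOCAB = ["NtClose", "NtCreateFile", "NtOpenFile", "NtReadFile", "NtWriteFile"]


def name_list_hash(names):
    """SHA-256 over a name list in an assumed canonical form:
    case-folded, de-duplicated, sorted, newline-joined."""
    canonical = sorted({n.lower() for n in names if n})
    return hashlib.sha256("\n".join(canonical).encode("utf-8")).hexdigest()


def build_pattern(trace, label):
    """Turn one sample's trace into a single dataset row (hypothetical layout)."""
    counts = Counter(syscall for _, syscall, _ in trace)
    total = sum(counts.values()) or 1  # avoid division by zero on an empty trace
    row = {f"freq_{sc}": counts.get(sc, 0) / total for sc in SYSCALL_VOCAB}
    # System calls outside the vocabulary are pooled so the frequencies still sum to 1.
    other = sum(c for sc, c in counts.items() if sc not in SYSCALL_VOCAB)
    row["freq_other"] = other / total
    row["files_sha256"] = name_list_hash(f for _, _, f in trace)
    row["procs_sha256"] = name_list_hash(p for p, _, _ in trace)
    row["label"] = label
    return row


if __name__ == "__main__":
    for key, value in build_pattern(SAMPLE_TRACE, "malware").items():
        print(f"{key}: {value}")
```

Because SHA-256 is an exact-match digest, a single changed file or process name yields an unrelated hash value, so a classifier can only treat these two columns as nominal labels rather than as a similarity measure.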