TKRD : trusted kernel rootkit detection for cybersecurity of VMs based on machine learning and memory forensic analysis
Wang, Xiao and Zhang, Jianbiao and Zhang, Ai and Ren, Jinchang (2019) TKRD : trusted kernel rootkit detection for cybersecurity of VMs based on machine learning and memory forensic analysis. Mathematical Biosciences and Engineering, 16 (4). pp. 2650-2667. ISSN 1551-0018 (https://doi.org/10.3934/mbe.2019132)
Preview |
Text.
Filename: Wang_etal_MBE_2019_trusted_kernel_rootkit_detection_for_cybersecurity_of_VMs_based_on_machine_learning.pdf
Final Published Version License: Download (559kB)| Preview |
Abstract
The promotion of cloud computing makes the virtual machine (VM) increasingly a target of malware attacks in cybersecurity such as those by kernel rootkits. Memory forensic, which observes the malicious tracks from the memory aspect, is a useful way for malware detection. In this paper, we propose a novel TKRD method to automatically detect kernel rootkits in VMs from private cloud, by combining VM memory forensic analysis with bio-inspired machine learning technology. Malicious features are extracted from the memory dumps of the VM through memory forensic analysis method. Based on these features, various machine learning classifiers are trained including Decision tree, Rule based classifiers, Bayesian and Support vector machines (SVM). The experiment results show that the Random Forest classifier has the best performance which can effectively detect unknown kernel rootkits with an Accuracy of 0.986 and an AUC value (the area under the receiver operating characteristic curve) of 0.998.
ORCID iDs
Wang, Xiao, Zhang, Jianbiao, Zhang, Ai and Ren, Jinchang ORCID: https://orcid.org/0000-0001-6116-3194;-
-
Item type: Article ID code: 68098 Dates: DateEvent26 March 2019Published13 March 2019AcceptedSubjects: Technology > Electrical engineering. Electronics Nuclear engineering
Science > Mathematics > Electronic computers. Computer scienceDepartment: Faculty of Engineering > Electronic and Electrical Engineering Depositing user: Pure Administrator Date deposited: 29 May 2019 10:46 Last modified: 23 Sep 2024 18:34 Related URLs: URI: https://strathprints.strath.ac.uk/id/eprint/68098