Netinfo Security ›› 2020, Vol. 20 ›› Issue (9): 92-96.doi: 10.3969/j.issn.1671-1122.2020.09.019

Previous Articles     Next Articles

Abnormal Behavior Detection of Virtualization Platform Based on Image and Machine Learning

WANG Xiangyi1,2, ZHANG Jian1,2()   

  1. 1. College of Cyber Science, Nankai University, Tianjin 300350, China
    2. Tianjin Key Laboratory of Network and Data Security Technology, Tianjin 300350, China
  • Received:2020-07-16 Online:2020-09-10 Published:2020-10-15
  • Contact: Jian ZHANG E-mail:jeffersonzj@qq.com

Abstract:

This paper proposes a method for dynamically detecting abnormal behavior of a virtualization platform based on machine learning. This method relies on the virtualization platform, extracted the system memory during normal program and malware running and dumps it into a file, extracted part of the information through SimHash to form a grayscale image and used local binary mode(LBP) to describe the texture features of the image. The features of image are used to train the constructed convolutional neural network, and the generated model determines whether the virtualization platform has abnormal behavior. Experiments show that the detection rate of virtualization platform can reach 97.5%, which can effectively detect cloud attack events.

Key words: cloud computing, virtualization, convolutional neural network, image feature, abnormal behavior detection

CLC Number: