A Deep Learning Model Leveraging Time-Series System Call Data to Detect Malware Attacks in Virtual Machines
Abstract: A Tenant Virtual Machine (TVM) user in the cloud may misuse its computing power to launch a malware attack against other tenant VMs, Host OS, Hypervisor, or any other computing devices/resources inside the cloud environment of a Cloud Service Provider. The security solutions deployed within t...
| Main Authors: | A. Alfred Raja Melvin, Jaspher W. Kathrine, Andrew Jeyabose, D. Cenitta |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | Springer 2025-03-01 |
| Series: | International Journal of Computational Intelligence Systems |
| Subjects: | VMI, VMM, CNN, Time series data, System calls, Deep learning |
| Online Access: | https://doi.org/10.1007/s44196-025-00781-z |
| _version_ | 1849390266138492928 |
|---|---|
| author | A. Alfred Raja Melvin; Jaspher W. Kathrine; Andrew Jeyabose; D. Cenitta |
| collection | DOAJ |
| description | Abstract: A Tenant Virtual Machine (TVM) user in the cloud may misuse its computing power to launch a malware attack against other tenant VMs, Host OS, Hypervisor, or any other computing devices/resources inside the cloud environment of a Cloud Service Provider. The security solutions deployed within the TVM may not be reliable, as malware can disable them or remain undetected due to its hidden nature. Therefore, security solutions deployed outside the virtual machine are necessary. This research proposes deploying an Intrusion Detection System (IDS) at the Hypervisor layer, utilizing time series system call data and employing a Convolutional Neural Network (CNN) model to accurately detect the presence of malicious (malware) computer programs within virtual machines. The raw VMM system call traces are transformed into novel Time Series System Call patterns and utilized by a deep learning algorithm for training and building the classifier model. A deep learning model, CNN, is used to build the classifier model for detecting intrusions with high accuracy. It is capable of detecting both known and unknown malware. The CNN model is compared with machine learning algorithms for the results and discussions, and it outperforms ML algorithms in terms of intrusion detection accuracy when utilizing novel time series system call data. |
| format | Article |
| id | doaj-art-819facc831794f8dbbe11bc9e5c3c62b |
| institution | Kabale University |
| issn | 1875-6883 |
| language | English |
| publishDate | 2025-03-01 |
| publisher | Springer |
| record_format | Article |
| series | International Journal of Computational Intelligence Systems |
| spelling | doaj-art-819facc831794f8dbbe11bc9e5c3c62b; 2025-08-20T03:41:43Z; eng; Springer; International Journal of Computational Intelligence Systems; 1875-6883; 2025-03-01; 181122; 10.1007/s44196-025-00781-z; A. Alfred Raja Melvin (Division of Computer Science and Engineering, Karunya Institute of Technology and Sciences); Jaspher W. Kathrine (Division of Computer Science and Engineering, Karunya Institute of Technology and Sciences); Andrew Jeyabose (Department of Computer Science and Engineering, Manipal Institute of Technology, Manipal Academy of Higher Education); D. Cenitta (Department of Computer Science and Engineering, Manipal Institute of Technology, Manipal Academy of Higher Education) |
| title | A Deep Learning Model Leveraging Time-Series System Call Data to Detect Malware Attacks in Virtual Machines |
| topic | VMI; VMM; CNN; Time series data; System calls; Deep learning |
| url | https://doi.org/10.1007/s44196-025-00781-z |