The Practicality of using Virtual Machine Introspection Technique with Machine Learning Algorithms for the Detection of Intrusions in Cloud

Associate Professor, Dept. of CSE, KITS3 Abstract. This paper presents a novel pattern generation algorithm for the implementation of Virtual Machine Introspection (VMI) based Intrusion Detection System (IDS) for Cloud Computing. The method uses Drakvuf VMI technique for gathering the behavioral characteristics of malware and benign samples. The behavioral characteristics data are then fed to the proposed algorithm for the generation of patterns in-order to generate the dataset. The algorithm includes the generation of frequency distribution of each system calls, hash value based on SHA256 algorithm for the list of file names, hash value based on SHA256 algorithm for the list of process names. Finally, the generated dataset is evaluated using Machine Learning (ML) algorithms with 10-Fold cross validation. It is found that J48 (C4.5) tree classification algorithm performed well with high detection accuracy compared to other ML algorithms. The detection accuracy is 99.1379% for dataset size of 232 instances. As the number of instances in the dataset was increased, the detection accuracy has improved to the maximum of 100% for the dataset size of 273 instances.