In the rapidly evolving field of cybersecurity, effective threat behaviour identification is essential for identifying and mitigating threats, particularly in a virtualized environment. In this paper, we propose a hybrid VMM-IDS security framework, called DeepIntrospector, that leverages both network and system artifacts of applications to enhance threat detection capabilities. In our method, we extract critical artifacts from both network traffic and system memory logs of emerging network malware families at the hypervisor level. The proposed traffic behaviour monitoring mechanism develops a deep learning model using bidirectional long short-term memory(Bi-LSTM) to identify the malicious network behaviour from traffic logs. The proposed system behaviour monitoring mechanism develops a deep learning model using a dense neural network (DNN) from system logs. Each of the model assigns a prediction scores to the executables, indicating their potential threat level. By applying the alert fusion mechanism, we synthesize these scores to enhance the accuracy of the prediction of the proposed security model. The framework is validated using the emerging malware dataset, and the results seem promising.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

DeepIntrospector: On Designing an Alert-Fusion Based Hybrid VMM-IDS Framework for Effective Threat Identification

  • Arjun Singh,
  • Anshi Kothari,
  • Sarthak Kathait,
  • Shantanu Joshi,
  • Avantika Gaur,
  • Mayank Pathak,
  • Preeti Mishra

摘要

In the rapidly evolving field of cybersecurity, effective threat behaviour identification is essential for identifying and mitigating threats, particularly in a virtualized environment. In this paper, we propose a hybrid VMM-IDS security framework, called DeepIntrospector, that leverages both network and system artifacts of applications to enhance threat detection capabilities. In our method, we extract critical artifacts from both network traffic and system memory logs of emerging network malware families at the hypervisor level. The proposed traffic behaviour monitoring mechanism develops a deep learning model using bidirectional long short-term memory(Bi-LSTM) to identify the malicious network behaviour from traffic logs. The proposed system behaviour monitoring mechanism develops a deep learning model using a dense neural network (DNN) from system logs. Each of the model assigns a prediction scores to the executables, indicating their potential threat level. By applying the alert fusion mechanism, we synthesize these scores to enhance the accuracy of the prediction of the proposed security model. The framework is validated using the emerging malware dataset, and the results seem promising.