
Research On Virus And Malwares Analysis Based On Cloud Computing

Posted on: 2014-09-11
Degree: Doctor
Type: Dissertation
Country: China
Candidate: C Meng
Full Text: PDF
GTID: 1268330422979763
Subject: Computer application technology

Abstract/Summary:
Currently, antivirus software is one of the most widely used tools for detecting and stopping malicious and unwanted files. However, the long-term effectiveness of traditional host-based antivirus is questionable. Antivirus software fails to detect many modern threats, and its increasing complexity has resulted in vulnerabilities that are being exploited by malware. The emergence of cloud computing changes this situation. Cloud computing is the product of the development of distributed computing, parallel computing and utility computing. It aggregates large numbers of computation resources and provides on-demand IT services to remote Internet users. The cloud can also provide security services: a large number of client ends monitor software actions, acquire information about malware and malicious code, and send it to the cloud for automatic analysis and processing. Finally, the solution is distributed to all the client ends.

This paper combines virus and malware detection based on cloud computing with algorithm analysis theory from machine learning, and uses a new Central Force Optimization (CFO) algorithm. The algorithm is a new deterministic multi-dimensional search metaheuristic based on the metaphor of gravitational kinematics. CFO is a deterministic algorithm that explores a decision space by "flying" a group of "probes" whose trajectories are governed by Newton's laws. This paper proves the correctness and the convergence of the CFO algorithm.

The applications of CFO therefore have a reliable theoretical basis. The algorithm is then improved further, and a distributed CFO is proposed. Because of its deterministic characteristic, the algorithm is suited to training neural networks for classification problems. This paper trains a neural network ensemble as the pattern classifier for static behavioral analysis and uses the neural network ensemble to classify suspicious files. This paper uses a Maximal Independent Set algorithm to select virtual machine nodes and installs the anti-virus software on those nodes to implement parallel distributed analysis. Meanwhile, the enclosed environment of the virtual machine nodes is used to monitor dynamic behavior in order to identify viruses and malware. The distributed Propagation of Information with Feedback (PIF) protocol algorithm is used to formally describe the procedure of dynamic analysis and the return of analysis reports. According to the analysis environment, this paper improves PIF and raises the analysis efficiency. On the basis of the characteristics of cloud computing, this paper advocates a model for malware detection on end hosts based on providing antivirus as an in-cloud network service. We suggest that each end host run a lightweight process to acquire executables entering the system, send them into the network for analysis, and then run or quarantine them based on a threat report returned by the network service. In the cloud network, this model, which uses a maximal independent dominating set algorithm to optimize the structure of the network and to select the distributed virtual machine nodes on which multiple commercial analysis engines are installed, enables identification of malicious and unwanted software by multiple, heterogeneous detection engines in parallel.

Furthermore, in the network cloud there are two behavioral analysis engines: a dynamic analysis engine and a static analysis engine. Virus and malware analysis is the process of determining the purpose and functionality of a given virus sample. Currently, the problem with dynamic analysis tools is that only a single program execution is observed, so the error rate is high. We propose a system, using the large resources of cloud computing, that allows us to explore multiple execution paths and identify malicious actions that are executed only when certain conditions are met. The distributed Propagation of Information with Feedback (PIF) protocol algorithm is used to describe the analysis process. The improvement of PIF raises analysis efficiency. PIF is a distributed algorithm, so it fits the cloud environment. Our experimental results show that in many cases we can detect the existence of trigger-based behavior, find the conditions that trigger such hidden behavior, find inputs that satisfy those conditions, and improve performance.

Currently almost all static methods for detecting malicious code are signature-based, with the result that viruses can easily escape detection by simple mechanisms such as code obfuscation. This dissertation researches the problem of neural network ensembles and their application in static detection. Therefore, based on the cloud, a behavior-based detection approach is proposed to address this problem. Unlike the traditional approach, this approach statically analyzes binary code to derive system call sequences based on n-grams. In this dissertation, the author analyzes CFO convergence through the mathematical analysis of celestial mechanics. Based on this, a distributed Central Force Optimization algorithm is proposed in order to train the ensemble neural network. Finally, this dissertation implements classification of executables. The experimental results show that the proposed approach has higher accuracy and a lower false positive rate than the other detection approaches.
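As an added illustration of the static, behavior-based classifier the abstract describes (example code written for this page, not the dissertation's implementation): ordered system-call sequences are turned into n-gram frequency vectors and classified by a small heterogeneous ensemble, one logistic neuron per n-gram order, by majority vote. The call names and sequences are constructed, and the neurons are trained by plain gradient ascent rather than the CFO-based training the dissertation proposes.

```python
"""Added example: system-call n-gram features classified by a small ensemble."""
import math
from collections import Counter

def call_ngrams(calls, n):
    """Sliding-window n-grams over an ordered system-call sequence."""
    return Counter(tuple(calls[i:i + n]) for i in range(len(calls) - n + 1))

def vectorize(calls, vocab, n):
    """Relative n-gram frequencies in vocab order (unseen n-grams add to the total only)."""
    counts = call_ngrams(calls, n)
    total = sum(counts.values()) or 1
    return [counts.get(g, 0) / total for g in vocab]

def train_neuron(xs, ys, epochs=200, lr=1.0):
    """Logistic neuron, gradient ascent on the log-likelihood. No bias: inputs are
    non-negative and L1-normalised, so class-exclusive n-grams get a signed weight."""
    w = [0.0] * len(xs[0])
    for _ in range(epochs):
        for x, y in zip(xs, ys):
            p = 1 / (1 + math.exp(-sum(wi * xi for wi, xi in zip(w, x))))
            w = [wi + lr * (y - p) * xi for wi, xi in zip(w, x)]
    return w

def train_ensemble(sequences, labels, orders=(1, 2, 3)):
    """One member per n-gram order, each with its own vocabulary."""
    members = []
    for n in orders:
        vocab = sorted({g for s in sequences for g in call_ngrams(s, n)})
        xs = [vectorize(s, vocab, n) for s in sequences]
        members.append((n, vocab, train_neuron(xs, labels)))
    return members

def classify(members, calls):
    """Majority vote of the members; 1 = suspicious, 0 = benign."""
    votes = 0
    for n, vocab, w in members:
        x = vectorize(calls, vocab, n)
        votes += sum(wi * xi for wi, xi in zip(w, x)) > 0
    return int(2 * votes > len(members))

# Constructed toy training set; the call names are illustrative, not real traces.
BENIGN = [["open", "read", "read", "close"], ["open", "read", "write", "close"],
          ["stat", "open", "read", "close"]]
SUSPICIOUS = [["open", "write", "chmod", "exec"], ["connect", "recv", "write", "exec"],
              ["open", "write", "exec", "unlink"]]
MODEL = train_ensemble(BENIGN + SUSPICIOUS, [0] * 3 + [1] * 3)

if __name__ == "__main__":
    print(classify(MODEL, ["connect", "recv", "write", "chmod", "exec"]))  # prints 1
```

Because each member uses a different n-gram order, a sequence that shares no n-gram with the training data at one order can still be voted on by the others.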
Keywords/Search Tags: cloud computing, virus and malware analysis, behavior-based detection, Central Force Optimization algorithm, neural network