Design And Implementation Of A Rapid Malware Detection System In Cloud Environment

Posted on: 2021-02-14
Degree: Master
Type: Thesis
Country: China
Candidate: Y P Zhang
GTID: 2518306104499994
Subject: Computer technology
Abstract/Summary:
Because of the massive data traffic, detecting malware in a cloud environment requires extremely high detection efficiency. However, among existing malware detection methods, the feature database of signature-based static detection grows geometrically as traffic increases, and the high system overhead of dynamic detection also makes it difficult to cope with large traffic volumes. Therefore, a step-by-step detection method that combines static and dynamic detection is proposed, and a machine learning classification model is used to achieve rapid automated detection of malware, aiming to improve the efficiency of malware detection in the cloud environment.

The rapid detection method for malware in a cloud environment is divided into four modules: a rapid filtering module, a shell processing module, a static detection module and a dynamic detection module. The rapid filtering module calculates the MD5 value of the program under test and filters out duplicate programs that already exist in the black and white list database. The shell processing module checks whether the program under test is packed and calls an embedded unpacking script to automate the unpacking process, in order to improve the reliability of the subsequent detection. The static detection module and the dynamic detection module extract the static and dynamic features of the sample under test respectively and combine them with the trained static and dynamic classifiers, so that static detection is performed first for speed and dynamic detection follows for precision.

Following the method proposed above, a prototype system for rapid detection of malware is implemented. A comprehensive test data set is used to test the detection efficiency and accuracy of each module of the prototype system, and the system is also compared with well-known open-source malware detection projects. Experiments show that the prototype system can effectively detect malware. On the basis of dynamic detection, the detection time of packed programs is shortened by 19.6% on average; the detection time of unpacked programs is reduced by 71.2% on average.
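The rapid filtering stage described in the abstract can be sketched as follows. This is an added example, not code from the thesis: the class and function names are hypothetical, and the tie-break for a digest found in both lists and the feedback of later-stage verdicts into the lists are assumptions.

```python
import hashlib
from enum import Enum


class Verdict(Enum):
    MALICIOUS = "malicious"
    BENIGN = "benign"
    UNKNOWN = "unknown"  # in neither list: goes on to the later modules


def md5_hex(data: bytes) -> str:
    # MD5 serves only as a lookup key here, as in the abstract. It is not
    # collision resistant, so a whitelist hit is only as strong as MD5.
    return hashlib.md5(data).hexdigest()


class QuickFilter:
    def __init__(self, blacklist=(), whitelist=()):
        self.blacklist = {h.lower() for h in blacklist}
        self.whitelist = {h.lower() for h in whitelist}

    def lookup(self, digest: str) -> Verdict:
        # Assumption: a digest present in both lists is treated as malicious.
        if digest in self.blacklist:
            return Verdict.MALICIOUS
        if digest in self.whitelist:
            return Verdict.BENIGN
        return Verdict.UNKNOWN

    def triage(self, samples: dict):
        """Return (verdict per sample name, {digest: bytes} still to analyse)."""
        verdicts, forward = {}, {}
        for name, data in samples.items():
            digest = md5_hex(data)
            verdicts[name] = self.lookup(digest)
            if verdicts[name] is Verdict.UNKNOWN:
                # Duplicate uploads share a digest and are analysed once.
                forward.setdefault(digest, data)
        return verdicts, forward

    def record(self, digest: str, verdict: Verdict) -> None:
        # Assumption: verdicts from the static/dynamic stages are fed back,
        # so the same program is filtered out the next time it appears.
        if verdict is Verdict.MALICIOUS:
            self.whitelist.discard(digest)
            self.blacklist.add(digest)
        elif verdict is Verdict.BENIGN and digest not in self.blacklist:
            self.whitelist.add(digest)
```

Only the entries returned in `forward` need to reach the shell processing, static and dynamic modules.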
Keywords/Search Tags:Cloud Environment, Static Detection, Dynamic Detection, Malicious Software