Research And System Implementation Of Abnormal Behavior Detection Method Of Virtual Machine Under Cloud Architecture

Virtual machine is the bridge of cloud service interaction.It has been attacked repeatedly and needs protection urgently.Process behavior can be expressed by system call sequence,and the sequence regularity of process with attack will be destroyed.Because the system call sequence is not easy to be tampered with,it can ensure the authenticity of process behavior.Therefore,in order to ensure the security of virtual machines under the cloud architecture,this paper studies the abnormal behavior detection of virtual machines under the Cloud Architecture Based on the system call sequence generated by the process,mainly including the following aspects:(1)A multi-dimensional process abnormal behavior detection method based on LSTM is proposed.The call sequences generated by different process types will differ in length,which makes the single detection method unable to maintain a high level of detection accuracy on multiple process types.To solve this problem,a multi-dimensional process abnormal behavior detection method based on long-term and short-term memory(LSTM)neural network is proposed.On the basis of time dimension,the information dimension of data is added through N-gram algorithm,and the dimension with more obvious characteristics is selected for abnormal judgment.The multi-dimensional method is used to enrich the feature expression forms of call sequences and select the best ones to enhance the generalization ability of detection.(2)Build an abnormal behavior detection framework based on multidimensional data under cloud architecture.In the cloud environment,deploying the abnormal behavior detection system alone consumes too much resources,and large-scale deployment will affect resource utilization.To solve this problem,a distributed computing anomaly detection model under cloud architecture is designed,including distributed data processing and centralized anomaly detection.Reduce the occupation of single host resources by abnormal behavior detection,effectively allocate computing resources and improve the detection efficiency.(3)Design and implement the abnormal behavior detection system of virtual machine under cloud architecture.Based on the designed detection framework,combined with the proposed detection method,data collection,data processing,data detection and alarm feedback are realized,so as to achieve the goal of detecting the abnormal behavior of virtual machine under cloud architecture.Finally,the experimental analysis and system test of the detection method are carried out.On ADFA-LD data set,compared with the general LSTM model,the accuracy of this model is further improved by 4% and the false alarm rate is reduced by50%;On the UNM data set,the accuracy is improved by 3% compared with CNN-LSTM model;The experimental results verify the effectiveness and correctness of the improved detection method,which has good detection effect in different data sets and generalization ability.Then test the availability and reliability of the system.The system can realize complete functions,the consumption of detection resources is lower than that of traditional detection,and the detection of actual combat samples can also reach a higher level.