Polymorphic Worms Collection in Cloud Computing
Ashraf A. Shahin

TL;DR
This paper presents a high-interactive honeypot approach for collecting payloads of zero-day polymorphic worms in cloud environments, addressing detection and collection challenges to improve worm signature generation.
Contribution
It introduces a novel honeypot method utilizing VM memory and disk inspection to effectively collect polymorphic worm payloads in cloud platforms.
Findings
The approach successfully collects polymorphic worm payloads.
It overcomes detection and collection challenges in cloud environments.
Experimental results validate its effectiveness.
Abstract
In the past few years, computer worms have been seen as one of the significant challenges of cloud computing. Worms are rapidly changing and getting more sophisticated to evade detection. One major issue in defending against computer worms is collecting worms' payloads to generate their signatures and study their behavior. To collect worms' payloads, we identified challenges for detecting and collecting worms' payloads and proposed a high-interactive honeypot to collect payloads of zero-day polymorphic worms in homogeneous and heterogeneous cloud computing platforms. Virtual machine (VM) memory and VM disk image are inspected from outside using open-source forensics tools and the VMware Virtual Disk Development Kit. Our experiments show that the proposed approach overcomes the identified challenges.
Taxonomy
Topics: Advanced Malware Detection Techniques · Network Security and Intrusion Detection · Digital and Cyber Forensics
