Avantika Gaur, Arjun Singh, Aditya Nautiyal, Gaurav Kothari, P. Mishra, Aman Jha
Published in: 2023 International Conference on Advances in Intelligent Computing and Applications (AICAPS), 2023-02-01. DOI: 10.1109/AICAPS57044.2023.10074347 (https://doi.org/10.1109/AICAPS57044.2023.10074347)
DeepHyperv: A deep neural network based virtual memory analysis for malware detection at hypervisor-layer
Security holds great significance in this new era of on-demand virtual computing. As software and hardware update daily, malware is also modifying its behavior rapidly. Some researchers are still working in this area to handle the recent cyber-attacks in critical virtualization ecosystems. The existing research works may not be suitable for the existing updated virtualization environment, as they have been validated with older datasets. In this paper, a deep neural network (DNN) based malware detection approach, called DeepHyperv, is proposed to detect malware threats in a virtualization environment by performing deep virtual memory analysis. Direct access to the analysis components is prohibited in the proposed architecture by deploying them inside the privileged domain of the hypervisor. The process execution logs are collected at the hypervisor using the memory introspection technique with the support of recent hardware and software configurations of the analysis setup and virtualization environment. The logs are pre-processed and converted into a discrete feature vector matrix. The approach uses a DNN to learn and test the extracted features at the hypervisor. The approach is validated in the test bed setup of our lab, and the results seem to be promising.