摘要
文章提出了一种基于图像和深度学习的虚拟化平台异常行为检测方法,并设计实现了系统原型。该方法借助Xen虚拟化平台分别对虚拟机运行正常软件和恶意软件过程中的系统内存进行转储,收集到包含1100个正常行为和2200个异常行为的内存转储文件。针对每个文件,提取了其前10 MB的系统敏感区域,而后利用SFC将其转换为二维图像。最后,使用卷积神经网络对内存图像进行分类,判断虚拟化平台是否存在异常行为。实验结果表明,该系统取得了98.78%的分类准确率,能够有效检测虚拟化平台中存在的异常行为。
This paper proposed an abnormal behavior detection method implemented of virtualization platform based on image and deep learning,designed and implemented the system prototype.This method used the Xen virtualization platform to dump the system memory of VMS running normal software and malicious software respectively and collects 1100 memory dump files containing normal behaviors and 2200 memory dump files containing abnormal behaviors.For each file,the first 10 MB of system sensitive area is extracted and then converted into a 2-dimensional image using SFC.Finally,convolutional neural network is used to classify the memory images to judge whether there are abnormal behaviors in the virtualization platform.Experimental results show that the system achieves 98.78%classification accuracy and can effectively detect abnormal behaviors in virtualization platform.
作者
林发鑫
张健
LIN Faxin;ZHANG Jian(College of Cyber Science,Nankai University,Tianjin 300350,China;Tianjin Key Laboratory of Network and Data Security Technology,Tianjin 300350,China)
出处
《信息网络安全》
CSCD
北大核心
2022年第11期62-67,共6页
Netinfo Security
基金
国家重点研发计划(2021YFF0307202)
天津市新一代人工智能科技重大专项(19ZXZNGX00090)
天津市重点研发计划(20YFZCGX00680)。
关键词
云计算
虚拟化
异常行为检测
卷积神经网络
cloud computing
virtualization
abnormal behavior detection
convolutional neural network
