Automated detection of malicious behavior in Cloud
In [1] we focused on automatically identifying the symptoms of
malicious behavior, as opposed to directly looking for the (signature
of) malware within a Cloud. Symptoms are closely related to malware
components, which have proved popular among malware writers, as
using components reduces the time needed to write malware and
increases the quality of the malware. I
strongly believe that any realistic solution to software and
application security must take into consideration the key role
played by hardware security. We make use of
Introspection for detecting the symptoms [2]. In addition, we make
use of code generation and Domain Specific Languages technology to
make the developed techniques accessible to security experts [3]. This
research project is in collaboration with Cloud and Security at HP
research Lab.
Selected publications
- A framework for detecting malware in Cloud by identifying symptoms. K. Harrison, B. Bordbar, S.T.T. Ali, C. Dalton and A. Norman. 16th IEEE International EDOC Conference, 2012. (nominated for the best paper award)
- Dynamic Defence in Cloud via Introspection (in preparation)
- A DSL for Cloud Introspection to detect malicious behavior (submitted for publication)
