Volatile memory analysis using the MinHash method for efficient and secured detection of malware in private cloud

Nir Nissim, Omri Lahav, Aviad Cohen, Yuval Elovici, Lior Rokach

Computers & Security 87, 101590, 2019

Today, most organizations employ cloud computing environments both for computational reasons and for storing their critical files and data. Virtual servers are an example of widely used virtual resources provided by cloud computing architecture. Therefore, virtual servers are considered an attractive target for cyber-attackers, who launch their attacks using malware such as the well-known remote access trojans (RATs) and more modern malware such as ransomware and cryptojacking. Existing security solutions implemented on virtual servers fail to detect such newly created malware (zero-day attacks). In fact, by the time the security solution is updated, the organization has likely already been attacked. In this study, we present a designated framework aimed at trusted and secured detection of newly created and unknown instances of malware on virtual machines in an organization’s private cloud. We took volatile …