Cost-Effective Malware Detection as a Service Over Serverless Cloud Using Deep Reinforcement Learning

The current trends of cloud computing in general, and serverless computing in particular, affect multiple aspects of organizational activity. Organizations of all sizes are transitioning parts of their operations off-premise in order to reduce costs and scale their operations more efficiently. The field of network security is no exception, with many organizations taking advantage of the distributed and scalable cloud environment. Since the charging model for serverless computing is "pay as you go" (i.e., payment per action), a reduction in the number of required computations translates into significant cost savings. This understanding is also relevant to the field of malware detection, where organizations often deploy multiple types of detectors to increase detection accuracy. In this study, we utilize deep reinforcement learning to reduce computational costs in the cloud by selectively querying only a subset of available detectors. We demonstrate that our approach is effective for both on-premise and cloud-based computing architectures, and that applying it to serverless computing can reduce costs by an order of magnitude while maintaining near-optimal performance.
