Securing Linux Cloud Environments: Privacy-Aware Federated Learning Framework for Advanced Malware Detection in Linux Clouds

Cloud computing is integral to modern IT infrastructure, with Linux-based virtual machines (VMs) comprising 95% of public cloud environments. This widespread use makes Linux VMs a prime target for cyberattacks, particularly advanced malware designed for financial gain, data theft, or operational sabotage. Traditional malware detection methods, despite their sophistication, often operate directly on the VMs they protect, making them susceptible to evasion by advanced malware-based threats. Furthermore, these methods are limited by their reliance on data confined to individual VMs, hindering their ability to generalize across different environments. While machine learning (ML) algorithms are frequently used to enhance malware detection, they typically require extensive data sharing, which poses significant risks to data confidentiality and user privacy. To overcome these challenges, we propose a federated learning-based framework for detecting unknown malware in Linux cloud environments. This framework allows a community of VMs, each equipped with a trusted local malware detection mechanism, to collaborate and enhance detection capabilities without sharing the underlying data, thus preserving privacy. The approach involves continuously capturing and converting volatile memory dumps into images, which are then used to train a federated convolutional neural network (CNN) in a decentralized manner. This eliminates the need for manual feature extraction and mitigates the risk of a single point of failure. Experimental results on widely-used Linux VMs demonstrate the framework's effectiveness, achieving an AUC of up to 98.3% in detecting unknown malware, providing a robust and privacy-preserving solution for cloud security.