PHOENIX: A Cloud-based Framework for Ensemble Malware Detection

2023 21st Mediterranean Communication and Computer Networking Conference (MedComNet)(2023)

Abstract
The rise in the number and complexity of malware attacks has become a serious threat to computer systems and networks. Consequently, there is a growing need for advanced techniques to detect and mitigate these threats effectively. To address this issue, this paper presents PHOENIX, a cloud-based framework for automatically analyzing malicious binaries using multiple commercial malware detection tools or antivirus engines. By leveraging ensemble detection, PHOENIX improves detection accuracy and robustness and avoids lock-in to a single anti-malware vendor. Unlike existing cloud-based platforms and sandboxes such as VirusTotal or antiscan.me, PHOENIX can be deployed within a private enterprise, eliminating the risk that confidential data or sensitive information contained in the analyzed files is leaked to an online service. The framework is easy to use, is independent of the underlying cloud provider, and can be integrated into existing deployments by automating the assessment procedures. In addition, PHOENIX provides a variety of metadata extractors, and its modular design allows users to add new detection mechanisms quickly. Finally, we evaluate the effectiveness of PHOENIX with preliminary experimental results, reporting the detection rate of 6 different malware samples against 8 anti-malware products.
Keywords
malware analysis,ensemble detection,cloud security,self-hosted,sandbox