SEER: practical memory virus scanning as a service

Authors: Jason Gionta, Ahmed Azab, William Enck, Peng Ning, Xiaolan Zhang

DOI: 10.1145/2664243.2664271

Keywords:

Abstract: Virus Scanning-as-a-Service (VSaaS) has emerged as a popular security solution for virtual cloud environments. However, existing approaches fail to scan guest memory, which can contain an emerging class of Memory-only Malware. While several host-based memory scanners are available, they are computationally less practical for cloud environments. This paper proposes SEER, an architecture enabling Memory VSaaS in virtualized environments. SEER leverages cloud resources and technologies to consolidate and aggregate virus scanning activities in order to efficiently detect malware residing in memory. Specifically, SEER combines fast snapshotting and computation deduplication to provide efficient off-host scanning. We evaluate SEER and demonstrate up to an 87% reduction in the data size that must be scanned and 72% savings in overall scan time, compared to naively applying file-based approaches. Furthermore, SEER provides 50% savings in scan time when using a warm cache. In doing so, SEER enables cloud vendors to transparently and periodically scan virtual machine memory for malware.
