CloudAV: N-version antivirus in the network cloud

Authors: Farnam Jahanian, Jon Oberheide, Evan Cooke

DOI:

Keywords:

Abstract: Antivirus software is one of the most widely used tools for detecting and stopping malicious and unwanted files. However, the long-term effectiveness of traditional host-based antivirus is questionable. Antivirus software fails to detect many modern threats, and its increasing complexity has resulted in vulnerabilities that are being exploited by malware. This paper advocates a new model for malware detection on end hosts based on providing antivirus as an in-cloud network service. This model enables identification of malicious and unwanted software by multiple, heterogeneous detection engines in parallel, a technique we term 'N-version protection'. This approach provides several important benefits including better detection of malicious software, enhanced forensics capabilities, retrospective detection, and improved deployability and management. To explore this idea we construct and deploy a production quality in-cloud antivirus system called CloudAV. CloudAV includes a lightweight, cross-platform host agent and a network service with ten antivirus engines and two behavioral detection engines. We evaluate the performance, scalability, and efficacy of the system using data from a real-world deployment lasting more than six months and a database of 7220 malware samples covering a one year period. Using this dataset we find that CloudAV provides 35% better detection coverage against recent threats compared to a single antivirus engine and a 98% detection rate across the full dataset. We show that the average length of time to detect new threats by an antivirus engine is 48 days and that retrospective detection can greatly minimize the impact of this delay. Finally, we relate two case studies demonstrating how the forensics capabilities of CloudAV were used by operators during the deployment.
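
The N-version protection and retrospective detection described in the abstract, as an added Python illustration that is not code from the CloudAV system or its authors: a lightweight host agent hashes a file and submits the digest to a service that runs several heterogeneous engines in parallel and votes on their verdicts; when one engine later receives a signature update, the service re-votes over its submission history and reports which host already ran a file that no engine flagged at the time. The engine names, the constructed file contents and signature sets, the vote threshold and the agent-side cache are all assumptions of this example.

```python
import hashlib
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass, field


def sha256_hex(data: bytes) -> str:
    """Content digest used as the file identifier between agent and service."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class Engine:
    """Stand-in for one heterogeneous detection engine (constructed, not a real AV product)."""
    name: str
    known_bad: set = field(default_factory=set)  # digests this engine's signatures flag

    def scan(self, digest: str) -> bool:
        return digest in self.known_bad


class CloudService:
    """Runs every engine on a submission in parallel and votes on the outcome."""

    def __init__(self, engines, threshold=1):
        self.engines = engines
        self.threshold = threshold   # engines that must agree before a file is 'malicious'
        self.history = []            # [host, digest, verdict] kept for retrospective detection

    def _vote(self, digest):
        # Every engine scans the same digest concurrently; the verdict is a threshold vote.
        with ThreadPoolExecutor(max_workers=len(self.engines)) as pool:
            hits = dict(pool.map(lambda e: (e.name, e.scan(digest)), self.engines))
        return hits, sum(hits.values()) >= self.threshold

    def analyze(self, host, digest):
        _, malicious = self._vote(digest)
        self.history.append([host, digest, malicious])
        return malicious

    def update_signatures(self, engine_name, new_digests):
        """Apply one engine's signature update, then re-vote on every past submission.
        Returns (host, digest) pairs that were allowed earlier but are flagged now."""
        for e in self.engines:
            if e.name == engine_name:
                e.known_bad |= set(new_digests)
        alerts = []
        for record in self.history:
            host, digest, was_malicious = record
            if not was_malicious:
                _, now_malicious = self._vote(digest)
                if now_malicious:
                    record[2] = True
                    alerts.append((host, digest))
        return alerts


class HostAgent:
    """Lightweight agent: hash the file, consult a local cache, otherwise ask the service."""

    def __init__(self, host, service):
        self.host = host
        self.service = service
        self.cache = {}       # digest -> verdict, so repeated opens need no network round trip
        self.cache_hits = 0

    def check(self, content: bytes) -> str:
        digest = sha256_hex(content)
        if digest in self.cache:
            self.cache_hits += 1
        else:
            self.cache[digest] = self.service.analyze(self.host, digest)
        return "deny" if self.cache[digest] else "allow"


def run_demo():
    """Constructed scenario: three engines, one host, one late signature update."""
    benign = b"constructed: benign installer"
    drop1 = b"constructed: dropper v1"
    drop2 = b"constructed: dropper v2"
    engines = [Engine("engine-A", {sha256_hex(drop1)}),
               Engine("engine-B", {sha256_hex(drop1)}),
               Engine("engine-C")]                     # no signature for either dropper yet
    service = CloudService(engines, threshold=1)
    agent = HostAgent("host-1", service)
    initial = [agent.check(f) for f in (benign, drop1, drop2)]
    agent.check(drop2)                                  # second open is served from the cache
    # engine-C later ships a signature for dropper v2; retrospective detection tells the
    # operator which host already ran it while every engine still considered it clean.
    alerts = service.update_signatures("engine-C", [sha256_hex(drop2)])
    return {"initial": initial, "alerts": alerts, "cache_hits": agent.cache_hits}


if __name__ == "__main__":
    print(run_demo())
```

A threshold of one maximizes coverage, which is the point of running heterogeneous engines side by side; raising it trades coverage for fewer single-engine false positives. Note also that the agent's cache keeps returning "allow" for dropper v2 after the update, which is exactly why the service's retrospective alert, not the agent, is what tells the operator to act.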
