SplitScreen: Enabling efficient, distributed malware detection

Kil, Sang; Moraru, Iulian; Jang, Jiyong; Truelove, John; Brumley, David; Andersen, David G.

doi:10.1109/jcn.2011.6157418

Cited by 56 publications

(71 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Cloud [4] Wireless Network [13] Access Control [14] [15,16,22,26]. Also, there is a solution designed for Android mobile devices [17].…”

Section: Purpose Related Workmentioning

confidence: 99%

“…After analyzing the file, the server sends the result to the client, and then CloudAV determines whether to block the file or not on the basis of the result. Because CloudAV, however, sends the files to the server to examine, it may violate the privacy of users who handle sensitive data [15,16].…”

Section: Cloudavmentioning

confidence: 99%

“…SplitScreen [16] proposes the cloud-based signature antivirus. To reduce violating the privacy, SplitScreen sends a bit vector of a file which showed the suspicious result from the prematch to the server instead of sending the whole of the file.…”

Section: Splitscreenmentioning

confidence: 99%

See 2 more Smart Citations

MWMon: A Software Defined Network-based Malware Monitor

Jo¹,

Shin²

2015

Journal of the Korea Industrial Information Systems Research

View full text Add to dashboard Cite

An antivirus is a widely used solution for detecting malicious softwares in client devices.The performance of antivirus solutions in the mobile client environment is critical due to its resource constrains. Many solutions light-weighting client's overhead in the mobile client environment have been developed. However, most solutions require platform modifications or software installations and it decreases their realizations in practice. In this paper, we propose a solution detecting malwares on networks using the Software Defined Network (SDN). Our main goal is designing a solution detecting malwares of mobile client without involving the client into the work. We contribute to provide a solution that does not require client-side installations or modifications and so is easily applicable in practice.

show abstract

“…Cloud [4] Wireless Network [13] Access Control [14] [15,16,22,26]. Also, there is a solution designed for Android mobile devices [17].…”

Section: Purpose Related Workmentioning

confidence: 99%

Section: Cloudavmentioning

confidence: 99%

See 1 more Smart Citation

MWMon: A Software Defined Network-based Malware Monitor

Jo¹,

Shin²

2015

Journal of the Korea Industrial Information Systems Research

View full text Add to dashboard Cite

show abstract

“…Increasingly sophisticated antivirus software added to the growing amount and complexity of malware demands more processing power from personal computers, more specifically from the central processor unit (CPU) [7].…”

Section: Introductionmentioning

confidence: 99%

Endpoint Security in Networks: An OpenMP Approach for Increasing Malware Detection Speed

et al. 2017

View full text Add to dashboard Cite

Increasingly sophisticated antivirus (AV) software and the growing amount and complexity of malware demand more processing power from personal computers, specifically from the central processor unit (CPU). This paper conducted performance tests with Clam AntiVirus (ClamAV) and improved its performance through parallel processing on multiple cores using the Open Multi-Processing (OpenMP) library. All the tests used the same dataset constituted of 1.33 GB of data distributed among 2766 files of different sizes. The new parallel version of ClamAV implemented in our work achieved an execution time around 62% lower than the original software version, reaching a speedup of 2.6 times faster. The main contribution of this work is to propose and implement a new version of the ClamAV antivirus using parallel processing with OpenMP, easily portable to a variety of hardware platforms and operating systems.

show abstract

“…, ClamAV [19]를 확장하여 악 성코드를 탐지하는 방법 [10], 명령어 빈도수를 이용한 방법 [3], 함수의 길이를 이용한 방법 [6], 함수 호출 그래프를 이용한 방법 [8], 바이트 레벨 파일 컨텐츠 분석 방법 [7], API 조합을 이용한 윈도우 악성행위 분류 기법 [11] 참 고 문 헌…”

unclassified

A Classification Method for Executable Files based on Comparison of Undocumented Information in the PE Header

Kim¹,

Kang²,

Kim³

et al. 2013

KIPS Transactions on Computer and Communication Systems

View full text Add to dashboard Cite

File identification and analysis is an important process of computer forensics, since the process determines which subjects are necessary to be collected and analyzed as digital evidence. An efficient file classification aids in the file identification, especially in case of copyright infringement where we often have huge amounts of files. A lot of file classification methods have been proposed by far, but they have mostly focused on classifying malicious behaviors based on known information. In copyright infringement cases, we need a different approach since our subject includes not only malicious codes, but also vast number of normal files. In this paper, we propose an efficient file classification method that relies on undocumented information in the header of the PE format files. Out method is useful in copyright infringement cases, being applied to any sort of PE format executable file whether the file is malicious, packed, mutated, transformed, virtualized, obfuscated, or not.

show abstract

SplitScreen: Enabling efficient, distributed malware detection

Cited by 56 publications

References 20 publications

MWMon: A Software Defined Network-based Malware Monitor

MWMon: A Software Defined Network-based Malware Monitor

Endpoint Security in Networks: An OpenMP Approach for Increasing Malware Detection Speed

A Classification Method for Executable Files based on Comparison of Undocumented Information in the PE Header

Contact Info

Product

Resources

About