Retrospective detection of malware attacks by cloud computing

Shun Te Liu, Yi Ming Chen

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-reviewed

17 Citations (Scopus)

Abstract

As malware becomes pervasive and fast-evolving on the Internet, every computer connected to the outside world faces the risk of malware attacks. Therefore, it is important not only to detect malware as early as possible but also to determine which computers have been attacked. Among the various methods to find and trace the existence of malware, retrospective detection is a promising one. Once a threat is identified, it allows one to determine exactly which hosts or users opened similar files by searching historical information. In the past, the huge volume of historical information represented an insurmountable barrier to such traces. Fortunately, with the evolution of cloud computing technologies, this barrier can be broken. In this paper, we propose a new retrospective detection approach based on Portable Executable (PE) format file relationships. We implement our system on a Hadoop platform and use 18 real-world malware samples to test its effectiveness and efficiency. Our results show that our system has a higher detection rate as well as a lower false positive rate than the well-known Splunk tool. We also find that, although cloud computing is suitable for processing a small number of huge files, it has shortcomings in dealing with a large number of small files.

Original language: English
Title of host publication: Proceedings - 2010 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, CyberC 2010
Pages: 510-517
Number of pages: 8
Publication status: Published - 2010
Event: 2nd International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, CyberC 2010 - Huangshan, China
Duration: 10 Oct 2010 to 12 Oct 2010

Publication series

Name: Proceedings - 2010 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, CyberC 2010

Conference

Conference: 2nd International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, CyberC 2010
Country/Territory: China
City: Huangshan
Period: 10/10/10 to 12/10/10
