
RScam: Cloud-Based Anti-Malware via Reversible Sketch

  • Conference paper
Security and Privacy in Communication Networks (SecureComm 2015)

Abstract

Cybercrime caused by malware has become a persistent and damaging threat, which makes trusted security solutions urgently demanded, especially for resource-constrained ends. Existing industry and academic approaches provide anti-malware systems based on different perspectives. However, it is hard to achieve high-performance detection and data privacy protection simultaneously. This paper proposes a cloud-based anti-malware system, called RScam, which provides a fast and trusted security service for resource-constrained ends. In RScam, we present suspicious bucket filtering, a novel signature-based detection mechanism based on the reversible sketch structure, which provides retrospective and accurate orientations of malicious signature fragments. Then we design a lightweight client which utilizes the digest of signature fragments to sharply reduce the detection range. Finally, we design a balanced interaction mechanism, which transmits sketch coordinates of suspicious file fragments and transformation of malicious signature fragments between the client and cloud server to protect data privacy and reduce traffic volume. We evaluate the performance of RScam with campus suspicious traffic and normal files. The results demonstrate the validity and veracity of the proposed mechanism. Our system can outperform other existing systems with less time and traffic consumption.



Author information

Corresponding author

Correspondence to Hao Sun.


Copyright information

© 2015 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Sun, H., Wang, X., Su, J., Chen, P. (2015). RScam: Cloud-Based Anti-Malware via Reversible Sketch. In: Thuraisingham, B., Wang, X., Yegneswaran, V. (eds) Security and Privacy in Communication Networks. SecureComm 2015. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 164. Springer, Cham. https://doi.org/10.1007/978-3-319-28865-9_9


  • DOI: https://doi.org/10.1007/978-3-319-28865-9_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-28864-2

  • Online ISBN: 978-3-319-28865-9

  • eBook Packages: Computer Science, Computer Science (R0)
