PriMal: Cloud-Based Privacy-Preserving Malware Detection

Conference paper, Information Security and Privacy (ACISP 2017)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10343)

Abstract

The ongoing threat of malware has raised significant security and privacy concerns. Motivated by these issues, cloud-based detection systems are of increasing interest for detecting large-scale malware, since they relieve the burden on the client and improve detection efficiency. However, most existing cloud-based detection systems overlook the protection of data privacy during malware detection. In this paper, we propose a cloud-based anti-malware system named PriMal, which protects the data privacy of both the cloud server and the client while still achieving usable detection performance. In PriMal, a newly designed private malware signature set intersection (PMSSI) protocol enables the cloud server and the client to confirm malware without either party revealing its private data, in the semi-honest model. Moreover, we propose a relevant-signature engine to reduce the detection range and overhead. The experimental results show that PriMal offers a practical approach to achieving both usable malware detection and strong data privacy preservation.


Notes

  1. In the field of secure computation, the semi-honest model is not the strongest model, but it is widely accepted and used in many applications. Hence, we conclude that the protection is strong compared to Level II.

  2. The cloud server has to ask for the client's permission if the detection results are needed to improve the security service.

  3. The modulo(q) hash function [9] randomly maps a byte to a class between 0 and \(q-1\), where q is a power of 2 smaller than 256.

References

  1. Internet security threat report. https://www.symantec.com/about/newsroom

  2. RadioShack sells customer data after settling with states. http://www.bloomberg.com/news/articles/2015-05-20/radioshack-receives-approval-to-sell-name-to-standard-general

  3. Asharov, G., Lindell, Y., Schneider, T., Zohner, M.: More efficient oblivious transfer and extensions for faster secure computation. In: Proceedings of CCS, Berlin, Germany, pp. 535–548. ACM (2013)

  4. Cha, S.K., Moraru, I., Jang, J., Truelove, J., Brumley, D., Andersen, D.G.: SplitScreen: enabling efficient, distributed malware detection. In: Proceedings of NSDI, pp. 12–25. USENIX Association (2010)

  5. Choi, B., Chae, J., Jamshed, M., Park, K.: DFC: accelerating string pattern matching for network applications. In: Proceedings of NSDI, pp. 551–565. USENIX Association (2016)

  6. ClamAV (2016). http://www.clamav.net

  7. Fan, B., Andersen, D.G., Kaminsky, M., Mitzenmacher, M.D.: Cuckoo filter: practically better than Bloom. In: Proceedings of CoNEXT, pp. 75–87 (2014)

  8. Goldreich, O.: The Foundations of Cryptography, vol. 2: Basic Applications. Cambridge University Press, New York (2004)

  9. Haghighat, M.H., Tavakoli, M., Kharrazi, M.: Payload attribution via character dependent multi-bloom filters. IEEE Trans. Inf. Forensics Secur. 8(5), 705–716 (2013)

  10. Henecka, W., Schneider, T.: Faster secure two-party computation with less memory. In: Proceedings of AsiaCCS, pp. 437–446. ACM (2013)

  11. Ishai, Y., Kilian, J., Nissim, K., Petrank, E.: Extending oblivious transfers efficiently. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 145–161. Springer, Heidelberg (2003). doi:10.1007/978-3-540-45146-4_9

  12. Lan, C., Sherry, J., Popa, R.A., Ratnasamy, S., Liu, Z.: Embark: securely outsourcing middleboxes to the cloud. In: Proceedings of NSDI, pp. 255–273. USENIX (2016)

  13. Melis, L., Asghar, H.J., De Cristofaro, E., Kaafar, M.A.: Private processing of outsourced network functions: feasibility and constructions. In: Proceedings of SDN-NFV Security, pp. 39–44. ACM (2016)

  14. Oberheide, J., Cooke, E., Jahanian, F.: CloudAV: N-version antivirus in the network cloud. In: Proceedings of USENIX Security Symposium, Berkeley, CA, USA, pp. 91–106. USENIX Association (2008)

  15. Pinkas, B., Schneider, T., Segev, G., Zohner, M.: Phasing: private set intersection using permutation-based hashing. In: Proceedings of USENIX Security Symposium, pp. 515–530 (2015)

  16. Santos, I., Brezo, F., Ugarte-Pedrero, X., Bringas, P.G.: Opcode sequences as representation of executables for data-mining-based unknown malware detection. Inf. Sci. 231, 64–82 (2013)

  17. Sherry, J., Lan, C., Popa, R.A., Ratnasamy, S.: BlindBox: deep packet inspection over encrypted traffic. In: Proceedings of SIGCOMM, pp. 213–226. ACM (2015)

  18. Stevens, M., Bursztein, E., Karpman, P., Albertini, A., Markov, Y.: The first collision for full SHA-1. Technical report, Shattered, February 2017

  19. Sun, H., Wang, X., Su, J., Chen, P.: RScam: cloud-based anti-malware via reversible sketch. In: Thuraisingham, B., Wang, X.F., Yegneswaran, V. (eds.) SecureComm 2015. LNICSSITE, vol. 164, pp. 157–174. Springer, Cham (2015). doi:10.1007/978-3-319-28865-9_9

  20. Wang, X., Yu, H., Wang, W., Zhang, H., Zhan, T.: Cryptanalysis on HMAC/NMAC-MD5 and MD5-MAC. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 121–133. Springer, Heidelberg (2009). doi:10.1007/978-3-642-01001-9_7

  21. Yuan, X., Wang, X., Lin, J., Wang, C.: Privacy-preserving deep packet inspection in outsourced middleboxes. In: Proceedings of INFOCOM, pp. 1–9. IEEE (2016)

Acknowledgement

This research is supported in part by the project of the Guangxi Cooperative Innovation Center of Cloud Computing and Big Data, No. YD16505. The authors gratefully thank the anonymous reviewers for their helpful comments.

Author information

Corresponding author: Jinshu Su

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Sun, H., Su, J., Wang, X., Chen, R., Liu, Y., Hu, Q. (2017). PriMal: Cloud-Based Privacy-Preserving Malware Detection. In: Pieprzyk, J., Suriadi, S. (eds) Information Security and Privacy. ACISP 2017. Lecture Notes in Computer Science(), vol 10343. Springer, Cham. https://doi.org/10.1007/978-3-319-59870-3_9

  • DOI: https://doi.org/10.1007/978-3-319-59870-3_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-59869-7

  • Online ISBN: 978-3-319-59870-3

  • eBook Packages: Computer Science (R0)