RScam: Cloud-Based Anti-Malware via Reversible Sketch

Malware-driven cybercrime is a persistent and damaging threat, and trustworthy security services are urgently needed, especially for resource-constrained endpoints. Existing industrial and academic anti-malware systems approach the problem from different angles, but it is hard to achieve high-performance detection and data-privacy protection at the same time. This paper proposes RScam, a cloud-based anti-malware system that provides fast and trusted security services to resource-constrained endpoints. RScam introduces suspicious bucket filtering, a signature-based detection mechanism built on the reversible sketch structure, which allows malicious signature fragments to be located retrospectively and accurately. A lightweight client then uses digests of the signature fragments to sharply narrow the detection range. Finally, a balanced interaction mechanism exchanges only the sketch coordinates of suspicious file fragments and a transformation of the malicious signature fragments between the client and the cloud server, which protects data privacy and reduces traffic volume. We evaluate RScam on suspicious campus traffic and on normal files. The results demonstrate the validity and accuracy of the proposed mechanisms, and RScam outperforms existing systems in both time and traffic consumption.
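The following is an added illustrative example of the client/cloud split the abstract describes; it is not RScam's code and the paper's actual parameters and protocol are not on this page. Everything concrete here is an assumption: 8-byte sliding-window fragments, a 3-row by 4096-bucket sketch indexed by slices of a SHA-256 fragment digest, row 0 of the sketch as the compact digest filter shipped to the client, a Python dictionary from coordinates to stored digests standing in for the sketch's reversibility, and an HMAC under a session key shared by both sides as the "transformation" of signature fragments returned by the cloud. The signatures, session key and sample files are constructed for the demo.

```python
import hashlib
import hmac

FRAG_LEN = 8       # bytes per fragment (assumed value, not from the paper)
ROWS = 3           # hash rows in the sketch (assumed value)
WIDTH = 1 << 12    # buckets per row (assumed value)


def fragments(data: bytes):
    """Every FRAG_LEN-byte window of data with its start offset.
    Signatures and scanned files are cut the same way, so a signature
    embedded at any offset yields windows that exist in the sketch."""
    return [(i, data[i:i + FRAG_LEN]) for i in range(len(data) - FRAG_LEN + 1)]


def digest(frag: bytes) -> bytes:
    """Fragment digest; client and cloud compute it identically."""
    return hashlib.sha256(frag).digest()


def coords(d: bytes):
    """Sketch coordinates of a digest: row i is indexed by its own 4-byte slice."""
    return tuple((i, int.from_bytes(d[4 * i:4 * i + 4], "big") % WIDTH)
                 for i in range(ROWS))


class Cloud:
    """Holds the signature sketch. It never receives file bytes, only coordinates."""

    def __init__(self, signatures, session_key: bytes):
        self.key = session_key
        self.sketch = [bytearray(WIDTH) for _ in range(ROWS)]
        # coordinates -> digests stored there; a dictionary plays the role of
        # the reversible sketch's ability to recover the key from its buckets
        self.reverse = {}
        for sig in signatures:
            for _, frag in fragments(sig):
                d = digest(frag)
                c = coords(d)
                for row, col in c:
                    self.sketch[row][col] = 1
                self.reverse.setdefault(c, set()).add(d)

    def client_filter(self) -> bytes:
        """Compact filter shipped to the client: row 0 of the sketch only."""
        return bytes(self.sketch[0])

    def query(self, coord_list):
        """For each coordinate tuple that hits every row, return the keyed
        transform of the signature fragments stored there, never the fragments."""
        answer = {}
        for c in coord_list:
            if all(self.sketch[row][col] for row, col in c):
                answer[c] = {hmac.new(self.key, d, "sha256").digest()
                             for d in self.reverse.get(c, ())}
        return answer


class Client:
    """Resource-constrained end: local filter first, cloud only for survivors."""

    def __init__(self, local_filter: bytes, session_key: bytes):
        self.filter = local_filter
        self.key = session_key

    def scan(self, data: bytes, cloud: Cloud):
        total = 0
        suspects = {}   # coordinates -> [(offset, digest)] kept locally, never sent
        for off, frag in fragments(data):
            total += 1
            d = digest(frag)
            c = coords(d)
            if self.filter[c[0][1]]:            # row-0 miss: ruled out on the client
                suspects.setdefault(c, []).append((off, d))
        answer = cloud.query(list(suspects))     # only coordinates leave the client
        hits = []
        for c, transformed in answer.items():
            for off, d in suspects[c]:
                # confirm locally: equal digests give equal HMACs under the shared key
                if hmac.new(self.key, d, "sha256").digest() in transformed:
                    hits.append(off)
        return {"hits": sorted(hits), "windows": total, "sent": len(suspects)}


# constructed demo data (not from the paper)
SIGNATURES = [b"MALWARE_PATTERN_ONE", b"\xde\xad\xbe\xef\xca\xfe\xba\xbe\x00\x01"]
SESSION_KEY = b"per-session key agreed out of band"   # assumed to be pre-shared
SAMPLE_FILE = b"benign-prefix:" + SIGNATURES[0] + b":suffix"
CLEAN_FILE = bytes(range(256))


def demo():
    """Scan one infected and one clean file; returns both result dicts."""
    cloud = Cloud(SIGNATURES, SESSION_KEY)
    client = Client(cloud.client_filter(), SESSION_KEY)
    return client.scan(SAMPLE_FILE, cloud), client.scan(CLEAN_FILE, cloud)


if __name__ == "__main__":
    print(demo())
```

In the infected sample the twelve windows that lie entirely inside the embedded signature (offsets 14 through 25) are confirmed, while windows that straddle the signature boundary are not. Two caveats a practitioner should keep in mind: a coordinate tuple still leaks about 36 bits of the fragment digest, so the privacy of the exchange rests on fragments not being guessable from a small dictionary; and the client-side row-0 filter only reduces traffic, it does not decide anything, because a false positive there is resolved by the cloud's full-row check and the keyed comparison.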
