论文信息 - Antivirus performance characterisation: system-wide view

Antivirus performance characterisation: system-wide view

It is well accepted that basic protection against common cyber threats is important, so it is recommended to have antivirus (AV). However, what price do users pay in terms of performance and other usability factors? Although it is important for security researchers and system developers to understand how exactly the AV impacts the whole system, in this study the authors take the approach of tracing operating system (OS) events. The authors' goal is to shed some light on this. To the best of the authors' knowledge, this study is the first to present an OS-aware approach to analyse and reason about AV performance impact. The authors' results show that the main reason for performance degradation in the tasks the authors tested with AV software is that they mainly spend the extra time waiting on events. Sometimes AV does cause some central processing unit overhead, but events such as hard page faults (i.e. those that require disk accesses) are the main contributing factor to AV overhead. Owing to the AV's intrusive behaviour, the tasks in the authors' experiments are caused to create more file input/output operations, page faults, system calls and threads than they normally do without AV installed.

Mohammed I. Al-Saleh | Jedidiah R. Crandall | Antonio M. Espinoza

[1] Somesh Jha,et al. Testing malware detectors , 2004, ISSTA '04.

[2] Mohammed I. Al-Saleh,et al. Application-Level Reconnaissance: Timing Channel Attacks Against Antivirus Software , 2011, LEET.

[3] Bryan Cantrill,et al. Dynamic Instrumentation of Production Systems , 2004, USENIX Annual Technical Conference, General Track.

[4] Nicholas Nethercote,et al. Valgrind: A Program Supervision Framework , 2003, RV@CAV.

[5] Peter Szor,et al. The Art of Computer Virus Research and Defense , 2005 .

[6] David R. Kaeli,et al. Characterizing antivirus workload execution , 2005, CARN.

[7] Sotiris Ioannidis,et al. GrAVity: A Massively Parallel Antivirus Engine , 2010, RAID.

[8] Erez Zadok,et al. Avfs: An On-Access Anti-Virus File System , 2004, USENIX Security Symposium.

[9] Kim M. Hazelwood,et al. Dynamic program analysis of Microsoft Windows applications , 2010, 2010 IEEE International Symposium on Performance Analysis of Systems & Software (ISPASS).

[10] Nathanael Paul,et al. Disk-level behavioral malware detection , 2008 .

[11] Harish Patil,et al. Pin: building customized program analysis tools with dynamic instrumentation , 2005, PLDI '05.

[12] Yuan-Cheng Lai,et al. A Hybrid Algorithm of Backward Hashing and Automaton Tracking for Virus Scanning , 2011, IEEE Transactions on Computers.

[13] Evelyn Duesterwald,et al. Design and implementation of a dynamic optimization framework for windows , 2000 .