DMCA
SplitScreen: Enabling Efficient, Distributed Malware Detection
Cached
Download Links
| Citations: | 14 - 6 self |
BibTeX
@MISC{Cha_splitscreen:enabling,
author = {Sang Kil Cha and Iulian Moraru and Jiyong Jang and John Truelove and David Brumley and David Andersen},
title = {SplitScreen: Enabling Efficient, Distributed Malware Detection},
year = {}
}
Share
 |
 |
 |
 |
||
OpenURL
Abstract
We present the design and implementation of a novel anti-malware system called SplitScreen. SplitScreen performs an additional screening step prior to the signature matching phase found in existing approaches. The screening step filters out most non-infected files (90%) and also identifies malware signatures that are not of interest (99%). The screening step significantly improves end-to-end performance because safe files are quickly identified and are not processed further, and malware files can subsequently be scanned using only the signatures that are necessary. Our approach naturally leads to a network-based anti-malware solution in which clients only receive signatures they needed, not every malware signature ever created as with current approaches. We have implemented SplitScreen as an extension to ClamAV [13], the most popular open source anti-malware software. We evaluated our implementation and found a> 2 × increase in scanning speed and a 2 × decrease in memory consumption. 1
Keyphrases
distributed malware detection enabling efficient network-based anti-malware solution non-infected file malware signature screening step filter novel anti-malware system end-to-end performance popular open source anti-malware software additional screening step screening step malware file safe file memory consumption current approach
