SplitScreen: Enabling Efficient, Distributed Malware Detection

Authors:
Cha, Sang-Kil (Electrical and Computer Engineering Department, Carnegie Mellon University)
Moraru, Iulian (The Computer Science Department, Carnegie Mellon University)
Jang, Ji-Yong (Electrical and Computer Engineering Department, Carnegie Mellon University)
Truelove, John (The Computer Science Department, Carnegie Mellon University)
Brumley, David (The Computer Science Department, Carnegie Mellon University)
Andersen, David G. (The Computer Science Department, Carnegie Mellon University)

References:
[1] Symantec global internet security threat report. [Online]. Available: http://www.symantec.com/about/news/release/article.jsp?prid=20090413_01
[2] F-secure: Silent growth of malware accelerates. [Online]. Available: http://www.f-secure.com/en EMEA/security/security-lab/latest-threats/security-threat-summaries/2008-2.html
[3] G. Ollmann, "The evolution of commercial malware development kits and colour-by-numbers custom malware," Computer Fraud & Security, vol. 9, 2008.
[4] T. Kojm. (2008). Introduction to ClamAV. [Online]. Available: http://www.clamav.net/doc/webinars/Webinar-TK-2008-06-11.pdf
[5] O. Erdogan and P. Cao, "Hash-AV: Fast virus signature scanning by cache-resident filters," Int. J. Security Netw., vol. 50, no. 2, 2007.
[6] I. Moraru and D. G. Andersen, "Exact pattern matching with feed-forward Bloom filters," in Proc. ALENEX, 2011.
[7] J. Oberheide, E. Cooke, and F. Jahanian, "CloudAV: N-version antivirus in the network cloud," in Proc. USENIX, 2008.
[8] C. Kolbitsch, P. M. Comparetti, C. Kruegel, E. Kirda, X. Zhou, and X. Wang, "Effective and efficient malware detection at the end host," in Proc. USENIX, 2009.
[9] T. Kojm. ClamAV. [Online]. Available: http://www.clamav.net
[10] P.-C. Lin, Z.-X. Li, Y.-D. Lin, Y.-C. Lai, and F. Lin, "Profiling and accelerating string matching algorithms in three network content security applications," IEEE Commun. Surveys Tuts., vol. 8, pp. 24-37, Apr. 2006.
[11] A. V. Aho and M. J. Corasick, "Efficient string matching: An aid to bibliographic search," Commun. of the ACM, vol. 18, pp. 333-340, 1975.
[12] S. Wu and U. Manber, "A fast algorithm for multi-pattern searching," Technical Report TR-94-17, University of Arizona, 1994.
[13] R. S. Boyer and J. S. Moore, "A fast string searching algorithm," Commun. of the ACM, vol. 20, pp. 762-772, 1977.
[14] B. H. Bloom, "Space/time trade-offs in hash coding with allowable errors," Commun. of the ACM, vol. 13, pp. 422-426, 1970.
[15] A. Broder and M. Mitzenmacher, "Network applications of Bloom filters: A survey," Internet Mathematics, pp. 636-646, 2002.
[16] R. M. Karp and M. O. Rabin, "Efficient randomized pattern-matching algorithms," IBM J. Research and Development, vol. 31, no. 2, pp. 249-260, 1987.
[17] S. Ballmer. (2007). [Online]. Available: http://www.microsoft.com/msft/speech/FY07/BallmerFAM2007.mspx
[18] AdaptiveMobile. Cyber Criminals Target Smartphones as Malware Increases by a Third in 2010. [Online]. Available: http://www.adaptivemobile.com/press-centre/press-releases
[19] R. Schlegel, K. Zhang, X. Zhou, M. Intwala, A. Kapadia, and X. Wang, "Soundminer: A stealthy and context-aware sound trojan for smartphones," in Proc. 18th Ann. Netw. Distributed Syst. Security Symp., 2011.
[20] P. Traynor, M. Lin, M. Ongtang, V. Rao, T. Jaeger, P. McDaniel, and T. La Porta, "On cellular botnets: Measuring the impact of malicious devices on a cellular network core," in Proc. 16th ACM Conf. Comput. Commun. Security, 2009, pp. 223-234.
[21] J. D. Cohen, "Recursive hashing functions for n-grams," ACM Trans. Inf. Syst., vol. 15, no. 3, pp. 291-320, 1997.
[22] A. Kirsch and M. Mitzenmacher, "Less hashing, same performance: Building a better Bloom filter," Random Structures & Algorithms, vol. 33, no. 2, pp. 187-218, 2008.
[23] H. Song, T. Sproull, M. Attig, and J. Lockwood, "Snort offloader: A reconfigurable hardware NIDS filter," Int. Conf. Field Programmable Logic and Applications, 2005, pp. 493-498.
[24] S. Dharmapurikar, P. Krishnamurthy, T. Sproull, and J. Lockwood, "Deep packet inspection using parallel Bloom filters," IEEE Micro, vol. 24, pp. 52-61, Jan. 2004.
[25] D. Venugopal and G. Hu, "Efficient signature based malware detection on mobile devices," Mobile Inf. Syst., vol. 4, no. 1, pp. 33-49, 2008.
[26] A. Bose, X. Hu, K. G. Shin, and T. Park, "Behavioral detection of malware on mobile handsets," in Proc. 6th Int. Conf. Mobile Syst., Appl., Services, 2008, pp. 225-238.
[27] V. Vasudevan, J. Franklin, D. Andersen, A. Phanishayee, L. Tan, M. Kaminsky, and I. Moraru, "FAWNdamentally power-efficient clusters," in Proc. 12th Workshop on Hot Topics in Operating Syst., 2009.
[28] L. Liu, G. Yan, X. Zhang, and S. Chen, "VirusMeter: Preventing your cellphone from spies," in Recent Advances in Intrusion Detection, vol. 5758 of Lecture Notes in Computer Science, pp. 244-264. Springer Berlin/Heidelberg, 2009.
[29] H. Kim, J. Smith, and K. G. Shin, "Detecting energy-greedy anomalies and mobile malware variants," in Proc. 6th Int. Conf. Mobile Syst., Appl., Services, New York, USA, 2008, pp. 239-252.
[30] Y. Miretskiy, A. Das, C. P. Wright, and E. Zadok, "AVFS: An on-access anti-virus file system," in Proc. 13th USENIX Security Symp., 2004.