Loading…
Retrospective detection of malware attacks by cloud computing
As malware becomes pervasive and fast-evolving on the Internet, every computer linking to the outer world faces the risks of malware attacks. Therefore, it is important to not only detect malware as early as possible but also to determine which computer has been attacked. Among the various methods t...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | Conference Proceeding |
| Language: | English |
| Subjects: | |
| Online Access: | Request full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| cited_by | |
|---|---|
| cites | |
| container_end_page | 517 |
| container_issue | |
| container_start_page | 510 |
| container_title | |
| container_volume | |
| creator | Liu, Shun-Te Chen, Yi-Ming |
| description | As malware becomes pervasive and fast-evolving on the Internet, every computer linking to the outer world faces the risks of malware attacks. Therefore, it is important to not only detect malware as early as possible but also to determine which computer has been attacked. Among the various methods to find and trace the existence of malware, retrospective detection is promising one. Once a threat is identified, it allows one to determine exactly which host or users open similar files by searching historical information. In the past, the huge volume of historical information represents an insurmountable barrier to such traces. Fortunately, with the evolution of cloud computing technologies, this barrier can be broken. In this paper, we propose a new retrospective detection approach based on Portable Executable (PE) format file relationships. We implement our system in a Hadoop platform and use 18 real-world malware to do effective and efficient tests. Our results show that our system has a higher detection rate as well as a lower false positive rate than the famous Splunk tool. We also find that, although cloud computing is suitable for processing a small number of huge files, it has shortcomings in dealing with a large number of small files. |
| doi_str_mv | 10.1109/CyberC.2010.99 |
| format | conference_proceeding |
| fullrecord | <record><control><sourceid>ieee_6IE</sourceid><recordid>TN_cdi_ieee_primary_5616975</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>5616975</ieee_id><sourcerecordid>5616975</sourcerecordid><originalsourceid>FETCH-LOGICAL-i90t-4dac8243e26d07df438b4bff6add52cc5afa5f7b60d828acad0e57d3cd98baff3</originalsourceid><addsrcrecordid>eNotjM1KxDAYRSMiqGO3btzkBTqm-c_ChRT_YECQ2Q9fki9SbaclzSh9e0f0bs7hLC4h1w1bNw1zt-3iMbdrzo7BuRNSOWOZ0U5JLpQ6JZeN5FJaKSQ7J9U8f7DjpOKcqwty94Ylj_OEoXRfSCOWXxv3dEx0gP4bMlIoBcLnTP1CQz8eIg3jMB1Kt3-_ImcJ-hmrf67I9vFh2z7Xm9enl_Z-U3eOlVpGCJZLgVxHZmKSwnrpU9IQo-IhKEigkvGaRcstBIgMlYkiRGc9pCRW5ObvtkPE3ZS7AfKyU7rRzijxAzuDS3s</addsrcrecordid><sourcetype>Publisher</sourcetype><iscdi>true</iscdi><recordtype>conference_proceeding</recordtype></control><display><type>conference_proceeding</type><title>Retrospective detection of malware attacks by cloud computing</title><source>IEEE Electronic Library (IEL) Conference Proceedings</source><creator>Liu, Shun-Te ; Chen, Yi-Ming</creator><creatorcontrib>Liu, Shun-Te ; Chen, Yi-Ming</creatorcontrib><description>As malware becomes pervasive and fast-evolving on the Internet, every computer linking to the outer world faces the risks of malware attacks. Therefore, it is important to not only detect malware as early as possible but also to determine which computer has been attacked. Among the various methods to find and trace the existence of malware, retrospective detection is promising one. Once a threat is identified, it allows one to determine exactly which host or users open similar files by searching historical information. In the past, the huge volume of historical information represents an insurmountable barrier to such traces. Fortunately, with the evolution of cloud computing technologies, this barrier can be broken. In this paper, we propose a new retrospective detection approach based on Portable Executable (PE) format file relationships. We implement our system in a Hadoop platform and use 18 real-world malware to do effective and efficient tests. Our results show that our system has a higher detection rate as well as a lower false positive rate than the famous Splunk tool. We also find that, although cloud computing is suitable for processing a small number of huge files, it has shortcomings in dealing with a large number of small files.</description><identifier>ISBN: 1424484340</identifier><identifier>ISBN: 9781424484348</identifier><identifier>EISBN: 9780769542355</identifier><identifier>EISBN: 0769542352</identifier><identifier>DOI: 10.1109/CyberC.2010.99</identifier><language>eng</language><publisher>IEEE</publisher><subject>Cloud computing ; Hadoop ; Malware ; Monitoring ; retrospective detection</subject><ispartof>2010 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, 2010, p.510-517</ispartof><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/5616975$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>309,310,780,784,789,790,2058,27925,54920</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/5616975$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Liu, Shun-Te</creatorcontrib><creatorcontrib>Chen, Yi-Ming</creatorcontrib><title>Retrospective detection of malware attacks by cloud computing</title><title>2010 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery</title><addtitle>cyberc</addtitle><description>As malware becomes pervasive and fast-evolving on the Internet, every computer linking to the outer world faces the risks of malware attacks. Therefore, it is important to not only detect malware as early as possible but also to determine which computer has been attacked. Among the various methods to find and trace the existence of malware, retrospective detection is promising one. Once a threat is identified, it allows one to determine exactly which host or users open similar files by searching historical information. In the past, the huge volume of historical information represents an insurmountable barrier to such traces. Fortunately, with the evolution of cloud computing technologies, this barrier can be broken. In this paper, we propose a new retrospective detection approach based on Portable Executable (PE) format file relationships. We implement our system in a Hadoop platform and use 18 real-world malware to do effective and efficient tests. Our results show that our system has a higher detection rate as well as a lower false positive rate than the famous Splunk tool. We also find that, although cloud computing is suitable for processing a small number of huge files, it has shortcomings in dealing with a large number of small files.</description><subject>Cloud computing</subject><subject>Hadoop</subject><subject>Malware</subject><subject>Monitoring</subject><subject>retrospective detection</subject><isbn>1424484340</isbn><isbn>9781424484348</isbn><isbn>9780769542355</isbn><isbn>0769542352</isbn><fulltext>true</fulltext><rsrctype>conference_proceeding</rsrctype><creationdate>2010</creationdate><recordtype>conference_proceeding</recordtype><sourceid>6IE</sourceid><recordid>eNotjM1KxDAYRSMiqGO3btzkBTqm-c_ChRT_YECQ2Q9fki9SbaclzSh9e0f0bs7hLC4h1w1bNw1zt-3iMbdrzo7BuRNSOWOZ0U5JLpQ6JZeN5FJaKSQ7J9U8f7DjpOKcqwty94Ylj_OEoXRfSCOWXxv3dEx0gP4bMlIoBcLnTP1CQz8eIg3jMB1Kt3-_ImcJ-hmrf67I9vFh2z7Xm9enl_Z-U3eOlVpGCJZLgVxHZmKSwnrpU9IQo-IhKEigkvGaRcstBIgMlYkiRGc9pCRW5ObvtkPE3ZS7AfKyU7rRzijxAzuDS3s</recordid><startdate>201010</startdate><enddate>201010</enddate><creator>Liu, Shun-Te</creator><creator>Chen, Yi-Ming</creator><general>IEEE</general><scope>6IE</scope><scope>6IL</scope><scope>CBEJK</scope><scope>RIE</scope><scope>RIL</scope></search><sort><creationdate>201010</creationdate><title>Retrospective detection of malware attacks by cloud computing</title><author>Liu, Shun-Te ; Chen, Yi-Ming</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-i90t-4dac8243e26d07df438b4bff6add52cc5afa5f7b60d828acad0e57d3cd98baff3</frbrgroupid><rsrctype>conference_proceedings</rsrctype><prefilter>conference_proceedings</prefilter><language>eng</language><creationdate>2010</creationdate><topic>Cloud computing</topic><topic>Hadoop</topic><topic>Malware</topic><topic>Monitoring</topic><topic>retrospective detection</topic><toplevel>online_resources</toplevel><creatorcontrib>Liu, Shun-Te</creatorcontrib><creatorcontrib>Chen, Yi-Ming</creatorcontrib><collection>IEEE Electronic Library (IEL) Conference Proceedings</collection><collection>IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume</collection><collection>IEEE Xplore All Conference Proceedings</collection><collection>IEEE Xplore</collection><collection>IEEE Proceedings Order Plans (POP All) 1998-Present</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Liu, Shun-Te</au><au>Chen, Yi-Ming</au><format>book</format><genre>proceeding</genre><ristype>CONF</ristype><atitle>Retrospective detection of malware attacks by cloud computing</atitle><btitle>2010 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery</btitle><stitle>cyberc</stitle><date>2010-10</date><risdate>2010</risdate><spage>510</spage><epage>517</epage><pages>510-517</pages><isbn>1424484340</isbn><isbn>9781424484348</isbn><eisbn>9780769542355</eisbn><eisbn>0769542352</eisbn><abstract>As malware becomes pervasive and fast-evolving on the Internet, every computer linking to the outer world faces the risks of malware attacks. Therefore, it is important to not only detect malware as early as possible but also to determine which computer has been attacked. Among the various methods to find and trace the existence of malware, retrospective detection is promising one. Once a threat is identified, it allows one to determine exactly which host or users open similar files by searching historical information. In the past, the huge volume of historical information represents an insurmountable barrier to such traces. Fortunately, with the evolution of cloud computing technologies, this barrier can be broken. In this paper, we propose a new retrospective detection approach based on Portable Executable (PE) format file relationships. We implement our system in a Hadoop platform and use 18 real-world malware to do effective and efficient tests. Our results show that our system has a higher detection rate as well as a lower false positive rate than the famous Splunk tool. We also find that, although cloud computing is suitable for processing a small number of huge files, it has shortcomings in dealing with a large number of small files.</abstract><pub>IEEE</pub><doi>10.1109/CyberC.2010.99</doi><tpages>8</tpages></addata></record> |
| fulltext | fulltext_linktorsrc |
| identifier | ISBN: 1424484340 |
| ispartof | 2010 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, 2010, p.510-517 |
| issn | |
| language | eng |
| recordid | cdi_ieee_primary_5616975 |
| source | IEEE Electronic Library (IEL) Conference Proceedings |
| subjects | Cloud computing Hadoop Malware Monitoring retrospective detection |
| title | Retrospective detection of malware attacks by cloud computing |
| url | http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-29T12%3A00%3A14IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Retrospective%20detection%20of%20malware%20attacks%20by%20cloud%20computing&rft.btitle=2010%20International%20Conference%20on%20Cyber-Enabled%20Distributed%20Computing%20and%20Knowledge%20Discovery&rft.au=Liu,%20Shun-Te&rft.date=2010-10&rft.spage=510&rft.epage=517&rft.pages=510-517&rft.isbn=1424484340&rft.isbn_list=9781424484348&rft_id=info:doi/10.1109/CyberC.2010.99&rft.eisbn=9780769542355&rft.eisbn_list=0769542352&rft_dat=%3Cieee_6IE%3E5616975%3C/ieee_6IE%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-i90t-4dac8243e26d07df438b4bff6add52cc5afa5f7b60d828acad0e57d3cd98baff3%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=5616975&rfr_iscdi=true |