A Performance Enhancement Scheme for Signature-based Anti-Viruses

(Korean title) A Study on a Performance Enhancement Scheme for Signature-based Anti-Viruses

  • 조민재 (Sejong University, Department of Computer Engineering);
  • 신지선 (Sejong University, Department of Information Security)
  • Received : 2015.04.03
  • Accepted : 2015.04.17
  • Published : 2015.04.30

Abstract

An anti-virus is a widely used solution for detecting malicious software on client devices. In particular, signature-based anti-viruses detect malicious software by comparing a file against the signatures of known malicious software. Recently, the number of malicious programs has increased dramatically, which causes a performance degradation problem: the detection time of signature-based anti-viruses increases and their throughput decreases. In this paper, we summarize the research results on signature-based anti-viruses that focus on overcoming these performance limitations, and propose a new solution. In particular, compared with SplitScreen, which is known to have the best performance, our solution reduces the client-side workload and decreases the communication cost.

(Korean abstract) Anti-virus software is a widely used solution for detecting malicious software on end devices. Among these, signature-based anti-viruses are the most basic detection method: they detect malicious software by comparing a file with the signatures of malicious software. As the number of malicious programs has recently increased rapidly, the detection time of signature-based anti-viruses has grown and their hourly throughput has fallen, causing a performance degradation problem. This paper reviews the main research results proposed to overcome this problem and presents a new performance enhancement solution that improves on them. In particular, compared with SplitScreen, which is known as the solution with the highest level of performance enhancement, the solution in this paper reduces the client's work and the communication cost with the signature server, thereby contributing to the performance improvement of anti-virus solutions.
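To make the signature comparison described in the abstract concrete, the following is an added example, not code from the paper or from any anti-virus product, of a minimal signature-based scanner in Python. It models the two signature kinds a practitioner meets most often, whole-file hash signatures and byte-pattern signatures, and counts the comparisons each scan performs, which shows directly why detection time grows with the size of the signature database. All signature names, patterns and sample file bodies are constructed for the example.

```python
"""Minimal signature-based scanner: an added example, not the paper's own code.

Two signature kinds are modelled:
  * whole-file hash signatures: exact match on the SHA-256 of the file
  * byte-pattern signatures: a byte string that must occur inside the file
scan_file() also counts how many signature comparisons it performed, which is
the work that grows with the size of the signature database.
"""
import hashlib
from typing import Dict, List, Tuple


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of a file body."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample: a "known bad" file body whose hash is enrolled as a signature.
KNOWN_BAD_SAMPLE = b"constructed file body: EXAMPLE_MARKER_A followed by padding bytes"

# Hash signature database (constructed): digest -> detection name.
HASH_SIGNATURES: Dict[str, str] = {
    sha256_hex(KNOWN_BAD_SAMPLE): "Example.Hash.Sample1",
}

# Byte-pattern signature database (constructed): detection name -> pattern.
PATTERN_SIGNATURES: Dict[str, bytes] = {
    "Example.Pattern.A": b"EXAMPLE_MARKER_A",
    "Example.Pattern.B": b"EXAMPLE_MARKER_B",
}


def scan_file(data: bytes,
              hash_db: Dict[str, str],
              pattern_db: Dict[str, bytes]) -> Tuple[List[str], int]:
    """Return (matched detection names, number of signature comparisons).

    The hash lookup costs one dictionary probe no matter how many hash
    signatures exist. The pattern scan is the naive approach: every pattern
    is searched for in the file, so its cost is linear in len(pattern_db).
    """
    matches: List[str] = []
    comparisons = 0

    # Whole-file hash signature: one constant-time lookup.
    comparisons += 1
    hash_hit = hash_db.get(sha256_hex(data))
    if hash_hit is not None:
        matches.append(hash_hit)

    # Byte-pattern signatures: one substring search per signature.
    for name, pattern in pattern_db.items():
        comparisons += 1
        if pattern in data:
            matches.append(name)

    return matches, comparisons


def comparisons_for_db_size(n_patterns: int) -> int:
    """Comparisons a scan of a clean file needs against n constructed patterns.

    Illustrates the scaling problem the abstract describes: the count grows
    with the number of signatures even when nothing matches.
    """
    synthetic_db = {f"Synthetic.{i}": f"SYNTHETIC_PATTERN_{i}".encode()
                    for i in range(n_patterns)}
    _, comparisons = scan_file(b"clean file contents", HASH_SIGNATURES, synthetic_db)
    return comparisons


if __name__ == "__main__":
    for body in (KNOWN_BAD_SAMPLE, b"clean file contents", b"xx EXAMPLE_MARKER_B yy"):
        print(body[:24], scan_file(body, HASH_SIGNATURES, PATTERN_SIGNATURES))
    for n in (10, 1000, 100000):
        print(n, "patterns ->", comparisons_for_db_size(n), "comparisons")
```

The hash lookup stays at one probe however many hash signatures are enrolled, while the pattern scan performs one search per signature; the prefilter and server-assisted designs the abstract refers to exist precisely to keep that per-file pattern work from growing with the database.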

Cited by

  1. A Study on Improved Detection Signature System in Hacking Response of One-Line Games vol.21, pp.1, 2016, https://doi.org/10.7838/jsebs.2016.21.1.105
  2. MWMon: A Software Defined Network-based Malware Monitor vol.20, pp.5, 2015, https://doi.org/10.9723/jksiis.2015.20.5.037