2017 | OriginalPaper | Book chapter

PriMal: Cloud-Based Privacy-Preserving Malware Detection

Written by: Hao Sun, Jinshu Su, Xiaofeng Wang, Rongmao Chen, Yujing Liu, Qiaolin Hu

Published in: Information Security and Privacy

Publisher: Springer International Publishing


Abstract

The ongoing threat of malware has raised significant security and privacy concerns. Motivated by these issues, cloud-based detection systems are of increasing interest for detecting large-scale malware, as they relieve the burden on the client and improve detection efficiency. However, most existing cloud-based detection systems overlook data privacy protection during malware detection. In this paper, we propose a cloud-based anti-malware system named PriMal, which protects the data privacy of both the cloud server and the client while still achieving usable detection performance. In PriMal, a newly designed private malware signature set intersection (PMSSI) protocol enables both the cloud server and the client to achieve malware confirmation without compromising data privacy in the semi-honest model. Moreover, we propose the relevant signature engine to reduce the detection range and overhead. The experimental results show that PriMal offers a practical approach to achieve both usable malware detection and strong data privacy preservation.


Footnotes

1. In the field of secure computation, the semi-honest model is not the strongest model, but it is widely accepted and used in many applications. Hence, we conclude the protection is strong as compared to Level II.

2. The cloud server has to ask for the client's permission if the detection results are needed to improve the security service.

3. The Modulo(q) hash function [9] randomly maps a byte to a class between 0 and \(q-1\), where q is a power of 2 and smaller than 256.

References
3. Asharov, G., Lindell, Y., Schneider, T., Zohner, M.: More efficient oblivious transfer and extensions for faster secure computation. In: Proceedings of CCS, Berlin, Germany, pp. 535–548. ACM (2013)
4. Cha, S.K., Moraru, I., Jang, J., Truelove, J., Brumley, D., Andersen, D.G.: Splitscreen: enabling efficient, distributed malware detection. In: Proceedings of NSDI, pp. 12–25. USENIX Association (2010)
5. Choi, B., Chae, J., Jamshed, M., Park, K.: DFC: accelerating string pattern matching for network applications. In: Proceedings of NSDI, pp. 551–565. USENIX Association (2016)
7. Fan, B., Andersen, D.G., Kaminsky, M., Mitzenmacher, M.D.: Cuckoo filter: practically better than bloom. In: Proceedings of CoNEXT, pp. 75–87 (2014)
8. Goldreich, O.: The Foundations of Cryptography - vol. 2, Basic Applications, vol. 2. Cambridge University Press, New York (2004)
9. Haghighat, M.H., Tavakoli, M., Kharrazi, M.: Payload attribution via character dependent multi-bloom filters. IEEE Trans. Inf. Forensics Secur. 8(5), 705–716 (2013)
10. Henecka, W., Schneider, T.: Faster secure two-party computation with less memory. In: Proceedings of AsiaCCS, pp. 437–446. ACM (2013)
11.
12. Lan, C., Sherry, J., Popa, R.A., Ratnasamy, S., Liu, Z.: Embark: Securely outsourcing middleboxes to the cloud. In: Proceedings of NSDI, pp. 255–273. USENIX (2016)
13. Melis, L., Asghar, H.J., Cristofaro, E.D., Kaafar, M.A.: Private processing of outsourced network functions: feasibility and constructions. In: Proceedings of SDN-NFV Security, pp. 39–44. ACM (2016)
14. Oberheide, J., Cooke, E., Jahanian, F.: Cloudav: N-version antivirus in the network cloud. In: Proceedings of USENIX Security Symposium, Berkeley, CA, USA, pp. 91–106. USENIX Association (2008)
15. Pinkas, B., Schneider, T., Segev, G., Zohner, M.: Phashing: private set intersection using permutation-based hashing. In: Proceedings of USENIX Security Symposium, pp. 515–530 (2015)
16. Santos, I., Brezo, F., Ugarte-Pedrero, X., Bringas, P.G.: Opcode sequences as representation of executables for data-mining-based unknown malware detection. Inf. Sci. 231, 64–82 (2013)
17. Sherry, J., Lan, C., Popa, R.A., Ratnasamy, S.: Blindbox: deep packet inspection over encrypted traffic. In: Proceedings of SIGCOMM, pp. 213–226. ACM (2015)
18. Stevens, M., Bursztein, E., Karpman, P., Albertini, A., Markov, Y.: The first collision for full sha-1. Technical report, Shattered, February 2017
19. Sun, H., Wang, X., Su, J., Chen, P.: RScam: cloud-based anti-malware via reversible sketch. In: Thuraisingham, B., Wang, X.F., Yegneswaran, V. (eds.) SecureComm 2015. LNICSSITE, vol. 164, pp. 157–174. Springer, Cham (2015). doi:10.1007/978-3-319-28865-9_9
20.
21. Yuan, X., Wang, X., Lin, J., Wang, C.: Privacy-preserving deep packet inspection in outsourced middleboxes. In: Proceedings of INFOCOM, pp. 1–9. IEEE (2016)

Metadata

Title: PriMal: Cloud-Based Privacy-Preserving Malware Detection
Written by: Hao Sun, Jinshu Su, Xiaofeng Wang, Rongmao Chen, Yujing Liu, Qiaolin Hu
Copyright year: 2017
DOI: https://doi.org/10.1007/978-3-319-59870-3_9