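@comment{Conference paper describing the Collab-AV collaborative anti-malware architecture (ECCWS 2015). The citation key looks like an exporter-generated identifier and is kept unchanged so existing citations still resolve. Names are in "Last, First" form; the abstract text is kept verbatim.}
@inproceedings{286f2676eabb429ab9b2904012ae93d5,
  author    = {Corregedor, Manuel and {Von Solms}, Sebastiaan},
  title     = {Resurrecting anti-malware through collaboration},
  booktitle = {14th European Conference on Cyber Warfare and Security, {ECCWS} 2015},
  editor    = {Abouzakhar, Nasser},
  series    = {European Conference on Information Warfare and Security, {ECCWS}},
  publisher = {Curran Associates Inc.},
  year      = {2015},
  pages     = {337--345},
  language  = {English},
  keywords  = {Anti-malware, Collaboration, Malware, Trust, Virtualisation},
  note      = {14th European Conference on Cyber Warfare and Security, {ECCWS} 2015 ; Conference date: 02-07-2015 Through 03-07-2015},
  abstract  = {A number of reports indicate that malware infection rates continue to increase, additionally, the reports also indicate that malware is becoming increasingly advanced. The spread of malware has grown to such an extent that a number of security experts have declared that anti-virus is dead. We propose an architecture called Collab-AV that can be used to address the anti-malware product vulnerabilities. The Collab-AV architecture is based on the principle of collaboration between different sources of information and different existing anti-malware vendors thus following a {"}strength in numbers{"} philosophy. The Collab-AV architecture is essentially divided into three layers as follows: Collab-AV Remote Layer: Represents all the components of Collab-AV that exist outside of the users' environment i.e. external to the user's computer. This layer is responsible for providing Collab-AV with actionable threat intelligence by gathering and utilising information gathered from the following sources: malware hash registries, benign software hash registries, threat information sources and trusted Collab-AV Peers. Collab-AV Local Layer: Contains the most important sub-systems of Collab-AV that execute on the user's computer. The sub-systems are collectively responsible for ensuring that the user is protected from malware infections by utilising the information gathered from the Collab-AV Remote layer and information gathered from the user's computer. Collab-AV Evaluation Layer: The purpose of this layer is to evaluate Collab-AV by continuously testing it for new vulnerabilities. The objectives of this layer can be achieved by using the evaluation framework we defined in our previous work or by integrating evaluations by third parties such as AV-Comparatives. The outputs of the evaluations will be used to guide future improvements on Collab-AV.
The Collab-AV architecture has been designed to work with existing anti-malware products as opposed to replacing them while ensuring increased detection rates, trust, scalability and privacy.},
}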