
Research On Automatic Classified Detection Mechanism In Cloud-based Defense System

Posted on: 2014-07-30
Degree: Master
Type: Thesis
Country: China
Candidate: Y F Luo
Full Text: PDF
GTID: 2268330422463500
Subject: Computer system architecture
Abstract/Summary:
In the traditional security field, antivirus software still relies mainly on signature matching and signature-less techniques. The former is fast and accurate, but signatures lag behind new threats and the signature database keeps expanding; the latter suffers from a high rate of false positives and false alarms. With powerful computing and processing capacity, cloud security technology makes antivirus more timely and reliable. However, cloud security is by nature still static signature scanning. Improvements in computer processing performance lag far behind the growth rate of malicious code, and the rapid expansion of the cloud feature library will eventually lead to continued update lag and decreased efficiency.

The rapid growth of malicious code relies mainly on deformation used for anti-antivirus purposes. The automatic analysis and classification function provided by the client reduces upload and computational load. First, the client simulates the way the operating system loads an executable program; then effective feature code is extracted, and the code is identified either as a category of malicious program or as code compiled by a certain compiler. If it is malicious, the client finds the entry point of the original program by disassembly and debugging, dumps the original program to disk from the entry point, and scans the original program. This method not only reduces upload and computation but also improves the efficiency of the antivirus engine.

To verify the validity of the automatic analysis and classification function, we tested common and anti-antivirus malicious programs. The results indicated that the cloud can scan both and return the results to the clients. We tested 3105 malicious samples; the total detection rate was 90.3%, and the detection rate for anti-antivirus applications was 84.7%, both higher than those of common antivirus software. The overall test results showed that the automatic analysis and classification function can effectively reduce performance overhead and improve the detection rate.
Keywords/Search Tags: Classified Detection, Cloud Security, Malicious Code, AntiVirus Engine