Conference record number:
766
Article title:
A Software Solution for Realtime Malware Detection in Distributed Systems
Title in another language:
A Software Solution for Realtime Malware Detection in Distributed Systems
Authors:
Alidoost Nia Mehran (author), Iran - Rasht - University of Guilan - Department of computer engineering; Kiaei Kamyar (author), Iran - Rasht - University of Guilan - Department of computer engineering; Ebrahimi Atani Reza (author), Iran - Rasht - University of Guilan - Department of computer engineering; Fabian Benjamin (author), Germany - Berlin - Humboldt University - Information Systems
Keywords:
Malware detection, Real-time Network Threats, Software-Defined Networking, Software, Vulnerability, network security
Conference title:
12th International Conference of the Iranian Society of Cryptology
Abstract (English):
In recent years, threats of malware have been increasing. The violation of privacy and confidentiality in large networks and distributed systems is the main target for this malware. To prevent such attacks, anti-virus systems are designed with different analysis methods and featuring a regular updating service. But still we face many threats that are not easily identified. Some systems encounter limitations like a shortage in computational resources or real-time interactions. They need a new approach to detect unknown and predefined threats together. The main idea behind this research work is to find malware in network-level analysis by a real-time approach. It can be shown that there is often a long delay between the entrance of malware and its malicious effect. This investigation is divided into two parts: the first is to analyze predefined network behavior in network devices, and the second is to investigate software-level activities. To do this, entropy is introduced. The aim of this feature is to measure network flow trustworthily. Prior work shows that the trust border is lower than 0.3 and the threat boundary is defined as higher than 0.8. The result indicates that the detection rate of the proposed system is higher than 71% for unknown malware.
Conference document number:
4490565