DocumentCode
1902952
Title
Portal monitoring based anti-malware framework: design and implementation
Author
Wu, Yanjun ; Shi, Wenchang
Author_Institution
Inst. of Software, Chinese Acad. of Sci., Beijing
fYear
2006
fDate
10-12 April 2006
Lastpage
558
Abstract
Most malware is introduced into a computer system by applications that communicate with the outside world. These applications (called portals) are key components for system security. This paper presents an efficient anti-malware framework under Linux by monitoring the behavior of these portals and isolating the files they induce. The files created or modified by the monitored applications will be marked with a suspicious label; when a file with a suspicious label is accessed, a predefined scanning tool or other mechanisms in user land will be invoked to check the file. The file labeling and access mediation are done in the kernel, and are thus mandatory and transparent to user applications; the scanning mechanisms are implemented in user land, and are thus flexible for the user to customize. Experimental results under Linux show that the framework can prevent malware's intrusion with a small performance penalty.
Keywords
Linux; computer crime; portals; system monitoring; Linux; access control; antimalware framework; file labeling; portal monitoring; system security; virus scanning mechanisms; Access control; Application software; Computer viruses; Computerized monitoring; Content addressable storage; Data security; Kernel; Linux; Operating systems; Portals;
fLanguage
English
Publisher
ieee
Conference_Titel
Performance, Computing, and Communications Conference, 2006. IPCCC 2006. 25th IEEE International
Conference_Location
Phoenix, AZ
Print_ISBN
1-4244-0198-4
Type
conf
DOI
10.1109/.2006.1629452
Filename
1629452