Title :
A practical business security framework to combat malware threat
Author :
Eswari, P. R Lakshmi ; Babu, N. Sarat Chandra
Author_Institution :
Centre for Dev. of Adv. Comput. (C-DAC), Hyderabad, India
Abstract :
Malware threats are continuously growing with sophistication. Though multiple layers of defense are provided at perimeter, network, host, application and data levels, it is still becoming a challenge to address malware related problems. They have grown in number as well as complexity and are responsible for attacks ranging from denial-of-service to compromising online banking accounts. In recent times, blended attacks are popular with high severity of damage and are difficult to address using signature based anti-malware solutions. Signature based anti-malware solutions are not able to completely detect and block malware behavior. Though heuristic based anti-malware solutions are able to increase the detection rate, their false positive rate is high. Application whitelisting is effective but creates rigidity on environment. Through this paper we analyzed positive as well as negative security models and proposed a practical security framework for combating malware threat, considering the nature of Information Technology (IT) systems and their business objective.
Keywords :
business data processing; invasive software; IT systems; application whitelisting; business security framework; denial-of-service attack; information technology; malware threats; online banking accounts; signature based anti-malware solutions; Fires; Internet; Malware; Mission critical systems; Software; Anamoly Detection; Application Whitelisting; Heuristic based; Malware; Mission Critical; Negative Security Model; Positive Security Model; Practical Business Security; Signature based; Specification based;
Conference_Titel :
Internet Security (WorldCIS), 2012 World Congress on
Conference_Location :
Guelph, ON
Print_ISBN :
978-1-4673-1108-3
