Title :
Portal monitoring based anti-malware framework: design and implementation
Author :
Wu, Yanjun ; Shi, Wenchang
Author_Institution :
Inst. of Software, Chinese Acad. of Sci., Beijing
Abstract :
Most malware is introduced into a computer system by applications that communicate with the outside world. These applications (called portals) are key components for system security. This paper presents an efficient anti-malware framework under Linux that monitors the behavior of these portals and isolates the files they induce. Files created or modified by the monitored applications are marked with a suspicious label; when a file with a suspicious label is accessed, a predefined scanning tool or another user-land mechanism is invoked to check the file. File labeling and access mediation are done in the kernel, and are thus mandatory and transparent to user applications; the scanning mechanisms are implemented in user land, and are thus flexible for the user to customize. Experimental results under Linux show the framework can prevent malware's intrusion with a small performance penalty.
Keywords :
Linux; computer crime; portals; system monitoring; Linux; access control; antimalware framework; file labeling; portal monitoring; system security; virus scanning mechanisms; Access control; Application software; Computer viruses; Computerized monitoring; Content addressable storage; Data security; Kernel; Linux; Operating systems; Portals;
Conference_Title :
Performance, Computing, and Communications Conference, 2006. IPCCC 2006. 25th IEEE International
Conference_Location :
Phoenix, AZ
Print_ISBN :
1-4244-0198-4
DOI :
10.1109/.2006.1629452