Abstract

SeCom: A Novel Approach for Malware Confiscation in OS level Virtual Machines

R. Hema, T. VetriSelvi

A virtual machine is built to the specification of a presumptive computer: it is an independent instance that performs the same functions as the original host machine. It can be created on demand and disposed of once the task is complete or an error is detected. One of the main drawbacks of such a disposable virtual machine is that, even when no malicious activity has occurred, the user has to redo all of the work in her actual workspace, since there is no easy way to commit the results. A lightweight commitment approach called SeCom is therefore proposed; it removes malicious programs when the virtual machine is terminated, i.e. at the point where the benign data is committed. It consists of three steps: correlation, recognition and commitment. First, instead of processing a huge volume of data, it relies only on OS-level information flow and observed malware behaviors, which keeps the performance overhead low. Second, it recognizes the data cluster by cluster, which simplifies detection. Third, it marks a cluster as harmful if and only if the cluster exhibits at least two different types of malware behavior, which reduces false positives. Compared with commercial anti-malware tools, it cleans up all of the malware behavior while keeping host-machine performance at the desired level. Moreover, it produces fewer false alarms than the behavior-based approach of anti-malware tools.

Disclaimer: this abstract was translated using an artificial intelligence tool and has not yet been reviewed or verified.
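The three-step pipeline the abstract describes (correlate objects by OS-level information flow, recognize behaviors per cluster, commit only clusters that do not show at least two distinct malware behavior types) can be illustrated with a small model. The code below is an added example, not the authors' SeCom implementation: the event format, the behavior labels such as `autostart_registration` and `process_injection`, the object names and the sample events are all constructed here, and the threshold of two behavior types is taken from the abstract. It also shows, via the `min_behavior_types` parameter, why a threshold of one would flag the benign updater cluster as a false positive.

```python
from collections import defaultdict
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

# One recorded OS-level information flow: (source object, sink object, behavior tag).
# The tag is a hypothetical malware-behavior label, or None for an ordinary flow.
Event = Tuple[str, str, Optional[str]]

# Constructed sample trace of a disposable VM session (not real data).
SAMPLE_EVENTS: List[Event] = [
    ("browser.exe", "report.docx", None),                        # user work
    ("report.docx", "report_v2.docx", None),                      # user work
    ("dropper.exe", "C:/Windows/autorun.dll", "autostart_registration"),
    ("dropper.exe", "svc.exe", "process_injection"),
    ("svc.exe", "C:/Windows/autorun.dll", None),
    ("updater.exe", "C:/Program Files/app/patch.bin", "autostart_registration"),
]


def correlate(events: List[Event]) -> List[FrozenSet[str]]:
    """Step 1 (correlation): objects joined by any information flow form one cluster.
    Implemented as union-find over the flow graph; only flow edges are consulted,
    never file contents."""
    parent: Dict[str, str] = {}

    def find(x: str) -> str:
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for src, dst, _ in events:
        root_src, root_dst = find(src), find(dst)
        if root_src != root_dst:
            parent[root_src] = root_dst

    groups: Dict[str, Set[str]] = defaultdict(set)
    for obj in list(parent):
        groups[find(obj)].add(obj)
    return [frozenset(g) for g in groups.values()]


def recognize(events: List[Event],
              clusters: List[FrozenSet[str]]) -> Dict[FrozenSet[str], Set[str]]:
    """Step 2 (recognition): collect the distinct behavior types seen in each cluster."""
    owner = {obj: cluster for cluster in clusters for obj in cluster}
    behaviors: Dict[FrozenSet[str], Set[str]] = {c: set() for c in clusters}
    for src, _, tag in events:
        if tag is not None:
            behaviors[owner[src]].add(tag)
    return behaviors


def commit(events: List[Event],
           min_behavior_types: int = 2) -> Tuple[Set[str], Set[str]]:
    """Step 3 (commitment): a cluster is harmful iff it shows at least
    `min_behavior_types` distinct behavior types (the abstract uses two).
    Returns (objects to commit to the host workspace, objects to discard)."""
    clusters = correlate(events)
    behaviors = recognize(events, clusters)
    keep: Set[str] = set()
    drop: Set[str] = set()
    for cluster in clusters:
        if len(behaviors[cluster]) >= min_behavior_types:
            drop.update(cluster)
        else:
            keep.update(cluster)
    return keep, drop


if __name__ == "__main__":
    kept, dropped = commit(SAMPLE_EVENTS)
    print("commit :", sorted(kept))
    print("discard:", sorted(dropped))
```

With the two-behavior rule the dropper cluster (`dropper.exe`, `svc.exe`, the autorun DLL) is discarded while the user's documents and the updater, which shows only one suspicious behavior, are committed; lowering `min_behavior_types` to 1 discards the updater too, which is the false positive the threshold exists to avoid.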