Cloud computing refers to applications and services provided seamlessly on the Internet.
Traditional antivirus software is installed on millions of individual computers around the world but according to researchers, antivirus software from popular vendors is increasingly ineffective.
The researchers observed malware --malicious software--detection rates as low as 35 percent against the most recent threats and an average window of vulnerability exceeding 48 days. That means new threats went undetected for an average of seven weeks. The computer scientists also found severe vulnerabilities in the antivirus engines themselves.
The researchers' new approach, called CloudAV, moves antivirus functionality into the "network cloud" and off personal computers. CloudAV analyzes suspicious files using multiple antivirus and behavioral detection programs simultaneously.
"CloudAV virtualizes and parallelizes detection functionality with multiple antivirus engines, significantly increasing overall protection," said Farnam Jahanian, professor of computer science and engineering in the Department of Electrical Engineering and Computer Science.
Jahanian, along with doctoral candidate Jon Oberheide and postdoctoral fellow Evan Cooke, both in the Department of Electrical Engineering and Computer Science, recently presented a paper on the new approach at the USENIX Security Symposium.
To develop this novel approach, the researchers evaluated 12 traditional antivirus software programs against 7,220 malware samples, including viruses, collected over a year. The vendors tested were: Avast, AVG, BitDefender, ClamAV, CWSandbox, F-Prot, F-Secure, Kaspersky, McAfee, Norman Sandbox, Symantec and Trend Micro.
Traditional antivirus software that resides on a personal computer checks documents and programs as they are accessed. Because of performance constraints and program incompatibilities, only one antivirus detector is typically used at a time.
CloudAV, however, can support a large number of malicious software detectors that act in parallel to analyze a single incoming file. Each detector operates in its own virtual machine, so the technical incompatibilities and security issues are resolved, Oberheide said.
CloudAV is accessible to any computer or mobile device on the network that runs a simple software agent. Each time a computer or device receives a new document or program, that item is automatically detected and sent to the antivirus cloud for analysis. The CloudAV system the researchers built uses 12 different detectors that act together to tell the inquiring computer whether the item is safe to open.
CloudAV also caches analysis results, speeding up the process compared with traditional antivirus software. This could be useful for workplaces, for example, where multiple employees might access the same document. The new approach also includes what the developers call "retrospective detection," which scans its file access history when a new threat is identified. This allows it to catch previously-missed infections earlier.
The researchers see promising opportunities in applying CloudAV to cell phones and other mobile devices that aren't robust enough to carry powerful antivirus software.
The paper is called: CloudAV: N-Version Antivirus in the Network Cloud.
For more information:
CloudAV Project Summary: http://www.eecs.umich.edu/fjgroup/cloudav/
USENIX Security Symposium: http://www.usenix.org/events/sec08/Michigan Engineering:
Nicole Casal Moore | Newswise Science News
Putting food-safety detection in the hands of consumers
15.11.2018 | Massachusetts Institute of Technology
Next stop Morocco: EU partners test innovative space robotics technologies in the Sahara desert
09.11.2018 | Deutsches Forschungszentrum für Künstliche Intelligenz GmbH, DFKI
Researchers at the University of New Hampshire have captured a difficult-to-view singular event involving "magnetic reconnection"--the process by which sparse particles and energy around Earth collide producing a quick but mighty explosion--in the Earth's magnetotail, the magnetic environment that trails behind the planet.
Magnetic reconnection has remained a bit of a mystery to scientists. They know it exists and have documented the effects that the energy explosions can...
Biochips have been developed at TU Wien (Vienna), on which tissue can be produced and examined. This allows supplying the tissue with different substances in a very controlled way.
Cultivating human cells in the Petri dish is not a big challenge today. Producing artificial tissue, however, permeated by fine blood vessels, is a much more...
Faster and secure data communication: This is the goal of a new joint project involving physicists from the University of Würzburg. The German Federal Ministry of Education and Research funds the project with 14.8 million euro.
In our digital world data security and secure communication are becoming more and more important. Quantum communication is a promising approach to achieve...
On Saturday, 10 November 2018, the research icebreaker Polarstern will leave its homeport of Bremerhaven, bound for Cape Town, South Africa.
When choosing materials to make something, trade-offs need to be made between a host of properties, such as thickness, stiffness and weight. Depending on the application in question, finding just the right balance is the difference between success and failure
Now, a team of Penn Engineers has demonstrated a new material they call "nanocardboard," an ultrathin equivalent of corrugated paper cardboard. A square...
09.11.2018 | Event News
06.11.2018 | Event News
23.10.2018 | Event News
16.11.2018 | Health and Medicine
16.11.2018 | Life Sciences
16.11.2018 | Life Sciences