-Blocking mode

Network service
o Detection engines
  -A cluster of servers
  -Update signatures at a central source
o Aggregation
  -Problems:
    a) Detector may fail.
    b) Detector may be very slow.
    c) Solution?: use subset
  -How to determine a file is malicious? (threshold)
    a) e.g. strict policy: single engine
    b) send a report to client/host
o Cache (improve performance)
  -What should be cached? Reports
  -Where to cache? Client and server

Topic 2: Evaluation

Malware Dataset
o Arbor Malware Library
o X-axis is time; y-axis is detection rate
  -Use different datasets

Results
o Compare cumulative executable launches with unique executable launches
  -What do you observe?
  -What is the indication?...
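The aggregation and cache items under "Network service", as an added example that is not part of the original notes: engines that crash or miss the deadline are left out, the threshold is applied to the subset that answered, and the report is cached by file identifier. The engine names, the SHA-256 identifier and the 0.5 s timeout are assumptions.

```python
import hashlib
import time
from concurrent.futures import ThreadPoolExecutor, wait

def file_id(data: bytes) -> str:
    # Unique file identifier used as the cache key (SHA-256 is an assumption).
    return hashlib.sha256(data).hexdigest()

class Aggregator:
    def __init__(self, engines, threshold=1, timeout=0.5):
        self.engines = engines        # name -> callable(bytes) -> bool
        self.threshold = threshold    # 1 = strict policy: one engine is enough
        self.timeout = timeout        # seconds to wait before using a subset
        self.cache = {}               # server-side cache: file id -> report
        self.pool = ThreadPoolExecutor(max_workers=len(engines))

    def analyze(self, data: bytes) -> dict:
        fid = file_id(data)
        if fid in self.cache:         # cached report, no rescan
            return dict(self.cache[fid], cached=True)
        futures = {self.pool.submit(fn, data): name
                   for name, fn in self.engines.items()}
        done, _late = wait(futures, timeout=self.timeout)
        # Keep only engines that answered in time and did not crash.
        verdicts = {futures[f]: bool(f.result())
                    for f in done if f.exception() is None}
        flagged = sorted(n for n, hit in verdicts.items() if hit)
        report = {"file_id": fid, "responded": sorted(verdicts),
                  "flagged": flagged, "cached": False,
                  "malicious": len(flagged) >= self.threshold}
        self.cache[fid] = report
        return report

# Constructed stand-in engines; real engines would be separate AV products.
def broken(data):
    raise RuntimeError("engine crashed")

def slow(data):
    time.sleep(1.5)                   # misses the 0.5 s deadline
    return True

SAMPLE_ENGINES = {
    "sig_a": lambda d: b"EVIL" in d,
    "sig_b": lambda d: b"DROPPER" in d,
    "broken": broken,
    "slow": slow,
}

if __name__ == "__main__":
    print(Aggregator(SAMPLE_ENGINES).analyze(b"MZ EVIL sample"))
```

A report built from a partial subset is cached as-is here, so the late engine's verdict is never folded in; a service that updates signatures centrally also has to decide when cached reports expire.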
- Summer '08