{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

Lec07a - -Blocking mode 1 2 Network service o Detection...

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
COMP7370 Advanced Computer and Network Security Announcement: midterm exam – March 3 rd , 2011. CloudAV: N-Version Antivirus in the Network Cloud (4) Topics: 1. Architecture and Design Issues 2. Evaluation (not covered, next time) Topic 1: Architecture Basic ideas: o N-Version protection o host-based to server-based: what benefits? - host agent may be disabled by attackers. - Good performance; multiple agents o cloud computing Three components. o Client software o Network service o Archival/forensics service o Can you outline architecture of CloudAV? - Individual exercise (5 min) - Group discussion Client software o File unique identifier. - many files, which one has been analyzed? - MD5 or SHA-1 o User interface - Transparent mode -
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Background image of page 2
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: -Blocking mode 1 2 Network service o Detection engines -A cluster of servers -Update signatures at a central source o Aggregation -Problems: a) Detector may fail. b) Detector may be very slow c) Solution?: use subset -How to determine a file is malicious? (threshold) a) e.g. strict police: single engine b) send a report to client/host o cache: (improve performance) -what should be cached? reports -Where to cache? Client and server Topic 2: Evaluation Malware Dataset o Arbor Malware Library o X-axis is time; y-axis is detection rate -Use different datasets Results o Compare cumulative executable launches with unique executable launches -what do you observe ? -what is the indication?...
View Full Document

  • Summer '08
  • Qin,X
  • Web server, Client-server, Client software, cumulative executable launches, File unique identifier, unique executable launches

{[ snackBarMessage ]}

Page1 / 2

Lec07a - -Blocking mode 1 2 Network service o Detection...

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon bookmark
Ask a homework question - tutors are online