Research Article
RScam: Cloud-Based Anti-Malware via Reversible Sketch
@INPROCEEDINGS{10.1007/978-3-319-28865-9_9, author={Hao Sun and Xiaofeng Wang and Jinshu Su and Peixin Chen}, title={RScam: Cloud-Based Anti-Malware via Reversible Sketch}, proceedings={Security and Privacy in Communication Networks. 11th International Conference, SecureComm 2015, Dallas, TX, USA, October 26-29, 2015, Revised Selected Papers}, proceedings_a={SECURECOMM}, year={2016}, month={2}, keywords={Reversible sketch Suspicious bucket filtering Signature-based Anti-malware Cloud-based}, doi={10.1007/978-3-319-28865-9_9} }
- Hao Sun
Xiaofeng Wang
Jinshu Su
Peixin Chen
Year: 2016
RScam: Cloud-Based Anti-Malware via Reversible Sketch
SECURECOMM
Springer
DOI: 10.1007/978-3-319-28865-9_9
Abstract
Cybercrime caused by malware becomes a persistent and damaging threat which makes the trusted security solution urgently demanded, especially for resource-constrained ends. The existing industry and academic approaches provide available anti-malware systems based on different perspectives. However, it is hard to achieve high performance detection and data privacy protection simultaneously. This paper proposes a cloud-based anti-malware system, called RScam, which provides fast and trusted security service for the resource-constrained ends. In RScam, we present suspicious bucket filtering, a novel signature-based detection mechanism based on the reversible sketch structure, which provides retrospective and accurate orientations of malicious signature fragments. Then we design a lightweight client which utilizes the digest of signature fragments to sharply reduce detection range. Finally, we design balanced interaction mechanism, which transmits sketch coordinates of suspicious file fragments and transformation of malicious signature fragments between the client and cloud server to protect data privacy and reduce traffic volume. We evaluate the performance of RScam with campus suspicious traffic and normal files. The results demonstrate validity and veracity of the proposed mechanism. Our system can outperform other existing systems with less time and traffic consumption.