Security and Privacy in Communication Networks. 11th International Conference, SecureComm 2015, Dallas, TX, USA, October 26-29, 2015, Revised Selected Papers

Research Article

RScam: Cloud-Based Anti-Malware via Reversible Sketch

  • @INPROCEEDINGS{10.1007/978-3-319-28865-9_9,
        author={Hao Sun and Xiaofeng Wang and Jinshu Su and Peixin Chen},
        title={RScam: Cloud-Based Anti-Malware via Reversible Sketch},
        proceedings={Security and Privacy in Communication Networks. 11th International Conference, SecureComm 2015, Dallas, TX, USA, October 26-29, 2015, Revised Selected Papers},
        proceedings_a={SECURECOMM},
        year={2016},
        month={2},
        keywords={Reversible sketch, Suspicious bucket filtering, Signature-based, Anti-malware, Cloud-based},
        doi={10.1007/978-3-319-28865-9_9}
    }
    
  • Hao Sun
    Xiaofeng Wang
    Jinshu Su
    Peixin Chen
    Year: 2016
    RScam: Cloud-Based Anti-Malware via Reversible Sketch
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-28865-9_9
Hao Sun1,*, Xiaofeng Wang1, Jinshu Su, Peixin Chen1
  • 1: National University of Defense Technology
*Contact email: haosunlight@163.com

Abstract

Cybercrime caused by malware has become a persistent and damaging threat, which makes a trusted security solution urgently needed, especially for resource-constrained ends. Existing industry and academic approaches provide anti-malware systems based on different perspectives. However, it is hard to achieve high-performance detection and data privacy protection simultaneously. This paper proposes a cloud-based anti-malware system, called RScam, which provides a fast and trusted security service for resource-constrained ends. In RScam, we present suspicious bucket filtering, a novel signature-based detection mechanism based on the reversible sketch structure, which provides retrospective and accurate orientations of malicious signature fragments. Then we design a lightweight client which utilizes the digest of signature fragments to sharply reduce the detection range. Finally, we design a balanced interaction mechanism, which transmits sketch coordinates of suspicious file fragments and transformation of malicious signature fragments between the client and cloud server to protect data privacy and reduce traffic volume. We evaluate the performance of RScam with campus suspicious traffic and normal files. The results demonstrate the validity and veracity of the proposed mechanism. Our system can outperform other existing systems with less time and traffic consumption.