Cloud Antivirus

Transcript of Cloud Antivirus (18 pages; 8/8/2019; http://slidepdf.com/reader/full/cloud-antivirus)

Page 1: Cloud Antivirus

A SEMINAR ON CLOUD ANTIVIRUS
BY TEJASVI MHASKE, T.E.I.T, ROLL NO: 3532

Page 2: Cloud Antivirus

Cloud AV

ROAD MAP

- Introduction
- Motivation and Limitations of Antivirus
- Rise Overview
- AV as an In-Cloud Network Service
- Implementation and Evaluation
- Discussion and Future Directions

Page 3: Cloud Antivirus

Cloud computing

- Internet based computing, like a public utility
- Paradigm shift: mainframe to client-server
- A delivery model for IT services
- Offers virtualized resources as a service
- Software and data are stored on servers
- Single point of access for all needs

Page 4: Cloud Antivirus

Antivirus

- Widely deployed
- Last line of defense
- Over $10 billion market in 2008

LIMITATIONS:

- Detection Coverage
- AV Software Vulnerabilities

Page 5: Cloud Antivirus

Detection Degradation:

AV Vendor     Version      3 Months   1 Month   1 Week
Avast         4.7.1043     62.7%      45.8%     39.6%
AVG           7.5.503      83.8%      78.6%     72.2%
BitDefender   7.1.2559     83.9%      79.7%     78.5%
ClamAV        0.91.2       57.5%      48.8%     46.8%
CWSandbox     2.0          N/A        N/A       N/A
F-Prot        6.0.8.0      70.4%      49.6%     46.0%
F-Secure      8.00.101     80.9%      74.4%     60.3%
Kaspersky     7.0.0.125    89.2%      84.0%     78.5%
McAfee        8.5.0i       70.5%      56.7%     53.9%
Norman        1.8          N/A        N/A       N/A
Symantec      15.0.0.58    60.8%      38.8%     45.2%
Trend Micro   16.00        79.4%      74.6%     75.3%

Page 6: Cloud Antivirus


 AV Software Vulnerabilities

Page 7: Cloud Antivirus

Addressing the Limitations

- Detection Coverage
  · Dismal detection rates
  · Slow response to emerging threats
  · Disjoint detection/collection methods
- AV Software Vulnerabilities
  · Complexity leads to security risk
  · Local and remote exploits
  · Inherently high privileges

Leverage detection capabilities from multiple vendors

Need isolation between end host and analysis engines

Page 8: Cloud Antivirus

Rise Overview:

- Feb, 2006: Bruce Schneier blogged.
- August 7, 2007: Rethinking Antivirus: Executable Analysis in the Network Cloud -- Jon Oberheide, Evan Cooke, Farnam Jahanian (University of Michigan)
- June 12, 2008: Malware Analysis in the Network Cloud -- Jon Oberheide
- July 30, 2008: N-Version Antivirus in the Network Cloud -- Jon Oberheide, Evan Cooke, Farnam Jahanian

Page 9: Cloud Antivirus

AV: In-Cloud Network Service

- By providing antivirus as an in-cloud service:
  · Better detection of malicious software
  · Enhanced forensics capabilities
  · Retrospective detection
  · Improved deployability and management

[Figure: Network Component / Host Component]

Page 10: Cloud Antivirus


 Architecture

Page 11: Cloud Antivirus

Implementation: Host Agent

- Platforms:
  · Windows 2000/XP/Vista, Linux 2.4/2.6, FreeBSD 6
  · Milter frontend interface (Sendmail, Postfix)
  · Nokia Maemo mobile platform
- Win32 host agent
  · Win32 API hooking (jmp insertion, IAT/EAT patching)
  · ~1500 LOC, 60% managed code
  · Co-exists peacefully with existing AV engines
- Linux/BSD host agent
  · Python, < 300 LOC, LSM syscall hooking

Page 12: Cloud Antivirus

Implementation: Network Service

- Backend analysis engines
  · 10 antivirus engines: Avast, AVG, BitDefender, ClamAV, F-Prot, F-Secure, Kaspersky, McAfee, Symantec, Trend Micro
  · 2 behavioral engines: Norman Sandbox, CWSandbox
- Hosted in Xen VM containers
  · 9 WinXP HVM, 3 Linux domU paravirt
  · Isolation/Recovery: in case of engine compromise
  · Scalability: dynamically spin up/down instances

Page 13: Cloud Antivirus


Management Interface:

Page 14: Cloud Antivirus

Evaluation

- Malware Dataset
- N-version protection
- Retrospective Detection
  · Large window of vulnerability
  · Essential to discover previously infected hosts
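The following Python is an added illustration, not the authors' CloudAV code and not part of the slides. It models the pieces named on the "AV: In-Cloud Network Service", "Host Agent" and "Network Service" pages together with the retrospective detection point above: a thin host agent that hashes a file and asks the network service, an N-version backend that combines the verdicts of several engines and only reports "malicious" when at least a threshold of them agree, and a signature update that re-checks every earlier submission so hosts that already ran a now-detected file can be found. The engine names come from the deck; the class names, the threshold value, the per-engine hash sets and the sample file contents are all constructed for this example.

```python
"""Toy model of an in-cloud N-version antivirus service with retrospective detection.
Added example; engine 'signatures' are constructed sample data, not real detections."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class Engine:
    """One backend engine. In the real design each runs in its own Xen container;
    here it is just a name plus a (constructed) set of known-bad hashes."""
    name: str
    known_bad: set[str] = field(default_factory=set)

    def scan(self, digest: str) -> bool:
        return digest in self.known_bad


@dataclass
class NetworkService:
    engines: list[Engine]
    threshold: int = 2                                   # engines that must agree (assumed value)
    verdict_cache: dict[str, bool] = field(default_factory=dict)
    access_log: dict[str, set[str]] = field(default_factory=dict)   # digest -> hosts that ran it

    def analyze(self, host: str, digest: str) -> tuple[bool, list[str]]:
        """N-version analysis: record who asked, then ask every engine."""
        self.access_log.setdefault(digest, set()).add(host)
        if digest in self.verdict_cache:
            return self.verdict_cache[digest], []
        hits = [e.name for e in self.engines if e.scan(digest)]
        malicious = len(hits) >= self.threshold
        self.verdict_cache[digest] = malicious
        return malicious, hits

    def update_signatures(self, engine_name: str, new_bad: set[str]) -> dict[str, set[str]]:
        """Retrospective detection: after one engine learns new hashes, re-scan every
        digest seen so far and return {digest: hosts} for files that flip to malicious."""
        for e in self.engines:
            if e.name == engine_name:
                e.known_bad |= new_bad
        newly_flagged: dict[str, set[str]] = {}
        for digest, hosts in self.access_log.items():
            if self.verdict_cache.get(digest):
                continue                                 # already known malicious
            hits = [e.name for e in self.engines if e.scan(digest)]
            if len(hits) >= self.threshold:
                self.verdict_cache[digest] = True
                newly_flagged[digest] = set(hosts)       # these hosts ran it while it looked clean
        return newly_flagged


class HostAgent:
    """Lightweight client: hash the file, consult a local cache, else ask the cloud."""

    def __init__(self, hostname: str, service: NetworkService) -> None:
        self.hostname = hostname
        self.service = service
        self.local_cache: dict[str, bool] = {}

    def on_execute(self, content: bytes) -> bool:
        """Called on file execution; returns True when the file should be blocked."""
        digest = sha256_hex(content)
        if digest not in self.local_cache:
            verdict, _ = self.service.analyze(self.hostname, digest)
            self.local_cache[digest] = verdict
        return self.local_cache[digest]


# Constructed sample "files" (the bytes are arbitrary placeholders, not real malware).
BENIGN = b"constructed sample: benign tool"
MALWARE_A = b"constructed sample: malware already known to two engines"
MALWARE_B = b"constructed sample: new malware nobody detects yet"


def build_service() -> NetworkService:
    return NetworkService(engines=[
        Engine("avast", {sha256_hex(MALWARE_A)}),
        Engine("avg", {sha256_hex(MALWARE_A)}),
        Engine("clamav", set()),
    ])


def demo() -> dict:
    svc = build_service()
    ws1 = HostAgent("ws1", svc)
    blocked_a = ws1.on_execute(MALWARE_A)        # two engines agree -> blocked
    blocked_b = ws1.on_execute(MALWARE_B)        # zero hits -> allowed (window of vulnerability)
    blocked_benign = ws1.on_execute(BENIGN)      # allowed
    first = svc.update_signatures("avg", {sha256_hex(MALWARE_B)})      # 1 hit, below threshold
    second = svc.update_signatures("clamav", {sha256_hex(MALWARE_B)})  # 2 hits -> alert for ws1
    return {"blocked_a": blocked_a, "blocked_b": blocked_b, "blocked_benign": blocked_benign,
            "after_first_update": first, "after_second_update": second}


if __name__ == "__main__":
    print(demo())
```

The `threshold` is what makes this N-version rather than "any engine": a single engine's false positive cannot block a file on its own, which is one way to read the "Managing False Positives" point later in the deck. The `access_log` is the forensics side: without it, the update would tell you the file is bad but not which hosts already ran it.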

Page 15: Cloud Antivirus

Discussion and Limitations

- User Context and Environment in Detection Engines
- Disconnected Operation
- Managing False Positives
- Breaking Free of Vendor Lock-in

Page 16: Cloud Antivirus

Future Directions

The bigger picture: migrate certain security services into the network cloud

[Figure: Ad hoc solution vs. In-Cloud solution]

- Inherent in-cloud advantages
  · Global visibility
  · Centralized management

Page 17: Cloud Antivirus

In-Cloud Security Services

- Past in-cloud services
  · Email filtering
- Recent CloudAV services
  · Panda CloudAV
  · McAfee

Page 18: Cloud Antivirus

THANK YOU

QUESTIONS?