Abstract
Sophisticated malware is designed to spread over the network and infect as many connected client machines as possible before being detected. Network security engineers have always been challenged to detect and track down such malware before it infects new client machines. Consequently, they have proposed several techniques that are deployed at different network boundaries, such as network-based intrusion detection systems (IDS) and proxy-based solutions. However, recent malware has successfully bypassed the security protocols and anti-malware shields deployed at the network level, leaving client machines at high risk of infection. The client antivirus (AV) software is considered the last line of defense against attacks that bypass network-based protection systems; if the AV is also bypassed, the client is infected and compromised. In this paper, we propose an improvement to client-based AV software that complements network-based anti-malware software. We propose an AV add-on feature that extends existing AV software with the capability to scan network data. We show that our solution is capable of detecting malware spread over the network upon its arrival at the client machine and before it starts to behave maliciously. In addition, our solution shows no significant overhead on the system under normal network traffic.
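The abstract describes the add-on only at the architectural level: inbound network data is scanned on the client as it arrives, rather than when the resulting file is first written or executed. The following is an added illustration of that idea, not code from the paper or its authors. It assumes a signature-matching engine over reassembled TCP streams (the paper's actual matching method is not stated in the abstract); the signature database, the HTTP response, the filler bytes and the segment sizes are constructed for the demo, and the only real value is the EICAR test string, which exists precisely to exercise AV scan paths. The `StreamScanner`, `scan_connection` and `scan_at_write` names are hypothetical.

```python
"""
Added illustration, not code from the paper: a minimal model of the
client-side AV add-on described in the abstract. Each inbound TCP segment
is appended to a per-connection reassembly window and matched against byte
signatures as it arrives, so a known payload is flagged before the download
completes and before anything reaches disk or an executing process.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Real, harmless AV test string (68 bytes); used here as a known signature.
EICAR_TEST_STRING = (
    b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
)

# Constructed signature database: name -> byte pattern.
SIGNATURES: Dict[str, bytes] = {
    "eicar-test-file": EICAR_TEST_STRING,
    "demo-dropper-marker": b"DEMO_DROPPER_V1",  # hypothetical marker, not real malware
}


@dataclass
class StreamScanner:
    """Scans one connection's inbound data incrementally (hypothetical design)."""
    signatures: Dict[str, bytes]
    window: bytes = b""
    keep: int = 0

    def __post_init__(self) -> None:
        # A signature may straddle two segments, so retain (max_len - 1) bytes
        # of history; scanning packets in isolation would miss that split.
        self.keep = max(len(s) for s in self.signatures.values()) - 1

    def feed(self, segment: bytes) -> Optional[str]:
        tail = self.window[-self.keep:] if self.keep > 0 else b""
        self.window = tail + segment
        for name, sig in self.signatures.items():
            if sig in self.window:
                return name
        return None


def scan_connection(segments: List[bytes],
                    signatures: Dict[str, bytes] = SIGNATURES) -> Dict[str, object]:
    """Network-level scan: reports where in the stream the first hit occurred."""
    scanner = StreamScanner(signatures)
    accepted = 0
    for index, segment in enumerate(segments):
        accepted += len(segment)
        hit = scanner.feed(segment)
        if hit is not None:
            return {"detected": True, "signature": hit,
                    "segment_index": index, "bytes_accepted": accepted}
    return {"detected": False, "signature": None,
            "segment_index": None, "bytes_accepted": accepted}


def scan_at_write(data: bytes,
                  signatures: Dict[str, bytes] = SIGNATURES) -> Optional[str]:
    """Conventional on-access scan: runs only once the whole file has landed."""
    for name, sig in signatures.items():
        if sig in data:
            return name
    return None


def split_into_segments(data: bytes, size: int) -> List[bytes]:
    """Constructed segmentation of a byte string into fixed-size TCP segments."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def sample_download() -> bytes:
    """Constructed HTTP response carrying the EICAR file followed by 200 filler bytes."""
    header = b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"
    return header + EICAR_TEST_STRING + b"\x00" * 200


if __name__ == "__main__":
    payload = sample_download()
    result = scan_connection(split_into_segments(payload, 20))
    print("network scan:", result)
    print("on-write scan:", scan_at_write(payload), "after", len(payload), "bytes")
```

Run stand-alone, the network-level scan flags the constructed download at the 7th segment (140 of 327 bytes accepted), while the conventional on-write scan only sees the content after all 327 bytes have been delivered. The retained tail in `StreamScanner.feed` is the detail a practitioner should check in any such add-on: without it, a signature split across segment boundaries goes unmatched. A real deployment would also need visibility into TLS and compressed content, which this model does not address.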