Virus Signature

The Experts below are selected from a list of 7158 Experts worldwide ranked by ideXlab platform

Sergio De Los Santos - One of the best experts on this subject based on the ideXlab platform.

  • SignatureMiner: A Fast Anti-Virus Signature Intelligence Tool
    Communications and Networking Symposium, 2018
    Co-Authors: Ignacio Martin, Jose Alberto Hernandez, Sergio De Los Santos
    Abstract:

    This article presents SignatureMiner, a semisupervised security framework for anti-virus signatures featuring normalization, customization, clustering and knowledge discovery. SignatureMiner is based on MinHash and regular expressions and can be used both for malware label classification and signature-based analytics.

Viorel Negru - One of the best experts on this subject based on the ideXlab platform.

  • A Highly Efficient Memory Compression Approach for GPU-Accelerated Virus Signature Matching
    International Conference on Information Security, 2012
    Co-Authors: Ciprian Pungila, Viorel Negru
    Abstract:

    We are proposing an approach for implementing highly compressed Aho-Corasick and Commentz-Walter automatons for performing GPU-accelerated virus scanning, suitable for implementation in real-world software and hardware systems. We are performing experiments using the set of virus signatures from ClamAV and a CUDA-based graphics card, showing how memory consumption can be improved dramatically (along with run-time performance), both in the pre-processing stage and at run-time. Our approach also ensures maximum bandwidth for the data transfer required in the pre-processing stage, between the host and the device memory, making it ideal for implementation in real-time virus scanners. Finally, we show how using this model and an efficient combination of the two automata can result in much lower memory requirements in real-world implementations.

Rongtai Liu - One of the best experts on this subject based on the ideXlab platform.

  • A Novel Software-Based MD5 Checksum Lookup Scheme for Anti-Virus Systems
    International Conference on Wireless Communications and Mobile Computing, 2011
    Co-Authors: Nenfu Huang, Chianan Kao, Rongtai Liu
    Abstract:

    In recent years, the size of virus signature databases has been growing rapidly, leading to a corresponding reduction in the performance of anti-virus (AV) software. In general, virus signature databases comprise string-based and hash-based (e.g., MD5) signatures. Currently the majority of signatures are hash-based and cloud-based AV systems rely on them as the local cache to reduce the network loading. In this paper, we provide a novel scheme for looking up MD5 checksums to improve virus scanning performance involving hash-based signatures. The authors treat the range hash in which characters occur as a filter to avoid unnecessary lookups and keep the range of the exact search range to a minimum. The scheme is 135 times faster than ClamAV's in clean/general cases and only required 4MB of memory for hash-based filtering. This scheme could easily be extended to other hash-based applications.

Yuval Elovici - One of the best experts on this subject based on the ideXlab platform.

  • ALDROID: Efficient Update of Android Anti-Virus Software Using Designated Active Learning Methods
    Knowledge and Information Systems, 2016
    Co-Authors: Nir Nissim, Oren Barad, Lior Rokach, Robert Moskovitch, Yuval Elovici
    Abstract:

    Many new unknown malwares aimed at compromising smartphones are created constantly. These widely used smartphones are very dependent on anti-virus solutions due to their limited resources. To update the anti-virus signature repository, anti-virus vendors must deal with vast quantities of new applications daily in order to identify new unknown malwares. Machine learning algorithms have been used to address this task, yet they must also be efficiently updated on a daily basis. To improve detection and updatability, we introduce a new framework, “ALDROID” and active learning (AL) methods on which ALDROID is based. Our methods are aimed at selecting only new informative applications (benign and especially malicious), thus reducing the labeling efforts of security experts, and enable a frequent and efficient process of enhancing the framework’s detection model and Android’s anti-virus software. Results indicate that our AL methods outperformed other solutions including the existing AL method and heuristic engine. Our AL methods acquired the largest number and percentage of new malwares, while preserving the detection models’ detection capabilities (high TPR and low FPR rates). Specifically, our methods acquired more than double the amount of new malwares acquired by the heuristic engine and 6.5 times more malwares than the existing AL method.

Ignacio Martin - One of the best experts on this subject based on the ideXlab platform.

  • SignatureMiner: A Fast Anti-Virus Signature Intelligence Tool
    Communications and Networking Symposium, 2018
    Co-Authors: Ignacio Martin, Jose Alberto Hernandez, Sergio De Los Santos
    Abstract:

    This article presents SignatureMiner, a semisupervised security framework for anti-virus signatures featuring normalization, customization, clustering and knowledge discovery. SignatureMiner is based on MinHash and regular expressions and can be used both for malware label classification and signature-based analytics.