Recursive hashing functions for n-grams
ACM Transactions on Information Systems (TOIS)
A fast string searching algorithm
Communications of the ACM
Efficient string matching: an aid to bibliographic search
Communications of the ACM
Space/time trade-offs in hash coding with allowable errors
Communications of the ACM
Efficient randomized pattern-matching algorithms
IBM Journal of Research and Development - Mathematics and computing
Avfs: an on-access anti-virus file system
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Hash-AV: fast virus signature scanning by cache-resident filters
International Journal of Security and Networks
Efficient signature based malware detection on mobile devices
Mobile Information Systems
Less hashing, same performance: Building a better Bloom filter
Random Structures & Algorithms
CloudAV: N-version antivirus in the network cloud
SS'08 Proceedings of the 17th conference on Security symposium
Effective and efficient malware detection at the end host
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Profiling and accelerating string matching algorithms in three network content security applications
IEEE Communications Surveys & Tutorials
Energy-efficient cluster computing with FAWN: workloads and implications
Proceedings of the 1st International Conference on Energy-Efficient Computing and Networking
GrAVity: a massively parallel antivirus engine
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Challenges and opportunities for efficient computing with FAWN
ACM SIGOPS Operating Systems Review
Exact pattern matching with feed-forward bloom filters
Journal of Experimental Algorithmics (JEA)
Proceedings of the 9th international conference on Autonomic computing
Knowing your enemy: understanding and detecting malicious web advertising
Proceedings of the 2012 ACM conference on Computer and communications security
Malware classification method via binary content comparison
Proceedings of the 2012 ACM Research in Applied Computation Symposium
A highly-efficient memory-compression approach for GPU-Accelerated virus signature matching
ISC'12 Proceedings of the 15th international conference on Information Security
Hi-index | 0.00 |
We present the design and implementation of a novel anti-malware system called SplitScreen. SplitScreen performs an additional screening step prior to the signature matching phase found in existing approaches. The screening step filters out most non-infected files (90%) and also identifies malware signatures that are not of interest (99%). The screening step significantly improves end-to-end performance because safe files are quickly identified and are not processed further, and malware files can subsequently be scanned using only the signatures that are necessary. Our approach naturally leads to a network-based anti-malware solution in which clients only receive signatures they needed, not every malware signature ever created as with current approaches. We have implemented SplitScreen as an extension to ClamAV [13], the most popular open source anti-malware software. For the current number of signatures, our implementation is 2× faster and requires 2× less memory than the original ClamAV. These gaps widen as the number of signatures grows.