Practical experiences with purenet, a self-learning malware prevention system

Authors:
Alapan Arnab;Tobias Martin;Andrew Hutchison
Affiliations:
T-Systems South Africa, International Business Gateway, Midrand, South Africa;Deutsche Telekom Laboratories, Deutsche Telekom Allee 7, Darmstadt, Germany;T-Systems South Africa, International Business Gateway, Midrand, South Africa
Venue:
iNetSec'10 Proceedings of the 2010 IFIP WG 11.4 international conference on Open research problems in network security
Year:
2010

Citing 3
Cited 0

Recent worms: a survey and trends

Proceedings of the 2003 ACM workshop on Rapid malcode
Applying Machine Learning Techniques for Detection of Malicious Code in Network Traffic

KI '07 Proceedings of the 30th annual German conference on Advances in Artificial Intelligence
Malicious Code Detection Using Active Learning

Privacy, Security, and Trust in KDD

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper introduces Purenet, which is a self-learning malware detection system aimed at avoiding zero-day attacks and other delays in patching application systems when attacks are identified. The concept and architecture of Purenet are described, specifically positioning anomaly detection as the system enabler. Deployment of the system in an operational environment is discussed, and associated recommendations and findings are presented based on this. Findings from the prototype include various considerations which should influence the design of such security software including latency considerations, multi protocol support, cloud anti-malware integration, resource requirement issues, reporting, base platform hardening and SIEM integration.