Gheorghe Hăjmăşan (1,2), Alexandra Mondoc (1,3), Radu Portase (1,2), and Octavian Creț (2)

1 Bitdefender, Cluj-Napoca, Romania
2 Technical University of Cluj-Napoca, Cluj-Napoca, Romania
3 Babeş-Bolyai University, Cluj-Napoca, Romania
Abstract. The constant evolution of malware, both in number and complexity, represents a severe threat to individual users and organizations. This increases the need for more advanced security solutions, such as dynamic behavior-based malware detection, which monitors and analyzes the actions performed on a system in real time. However, this approach comes with an intuitive drawback: performance overhead. To address this issue we propose two solutions that can be used separately or combined. The first takes advantage of advances in hardware and uses asynchronous processing, thus reducing the impact on the monitored applications. The second relies on a dynamic reputation system, based on which different monitoring levels for applications can be defined. Monitoring processes differentially according to their dynamic reputation leads to a lower general performance impact and also a lower false positive rate.
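The two ideas in the abstract, sketched as an added illustrative model that is not the paper's code: the hook that runs in the monitored process only enqueues events for asynchronous analysis, and a per-process reputation score selects how much of that process's activity is still recorded. The score scale, update steps, thresholds, level names and event fields are assumptions made for this example.

```python
"""Added illustrative model, not the paper's code: hooks only enqueue events
for asynchronous analysis, and a dynamic per-process reputation selects how
much activity is recorded. Scores, steps and thresholds are assumed."""
from collections import deque

FULL, REDUCED, MINIMAL = "full", "reduced", "minimal"
# Lowest event severity (1..3) each level still records: FULL keeps every
# event, MINIMAL keeps only the most severe ones (assumed values).
SEVERITY_FLOOR = {FULL: 1, REDUCED: 2, MINIMAL: 3}


class ReputationMonitor:
    def __init__(self, trust_step=10, distrust_step=60):
        self.scores = {}         # pid -> reputation score in [0, 100]
        self.pending = deque()   # events waiting for asynchronous analysis
        self.recorded = []       # (pid, event) pairs the analysis kept
        self.trust_step, self.distrust_step = trust_step, distrust_step

    def level(self, pid):
        """Map reputation to a monitoring level; unknown processes get FULL."""
        s = self.scores.get(pid, 0)
        return MINIMAL if s >= 80 else REDUCED if s >= 40 else FULL

    def on_event(self, pid, event):
        """Hook path: cheap level-based filter, enqueue, return at once.
        The monitored process never waits for the analysis to finish."""
        if event["severity"] >= SEVERITY_FLOOR[self.level(pid)]:
            self.pending.append((pid, event))

    def process_pending(self):
        """Worker path (another core): analyse queued events and move the
        score; suspicious behaviour lowers it far faster than clean raises it."""
        while self.pending:
            pid, event = self.pending.popleft()
            self.recorded.append((pid, event))
            step = -self.distrust_step if event["suspicious"] else self.trust_step
            self.scores[pid] = max(0, min(100, self.scores.get(pid, 0) + step))


def run_scenario():
    """Constructed event stream: a process behaves cleanly, earns MINIMAL
    monitoring, then shows one suspicious action and is re-tightened."""
    mon = ReputationMonitor()
    benign = {"severity": 1, "suspicious": False}
    for _ in range(10):
        mon.on_event(1001, benign)
    mon.process_pending()
    earned = mon.level(1001)                    # MINIMAL after clean history
    mon.on_event(1001, benign)                  # now filtered out at the hook
    mon.on_event(1001, {"severity": 3, "suspicious": True})
    mon.process_pending()
    return earned, mon.level(1001), len(mon.recorded)
```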
This paper was published in the IFIP SEC 2018 conference proceedings by Springer Verlag.