IFIP SEC 2018, Abstract of the talk

Performance Improvements in Behavior Based Malware Detection Solutions

Gheorghe Hăjmăşan (1,2), Alexandra Mondoc (1,3), Radu Portase (1,2), and Octavian Creț (2)
(1) Bitdefender, Cluj-Napoca, Romania; (2) Technical University of Cluj-Napoca, Cluj-Napoca, Romania; (3) Babeş-Bolyai University, Cluj-Napoca, Romania

Abstract. The constant evolution of malware, both in number and complexity, represents a severe threat to individual users and organizations. This increases the need for more advanced security solutions, such as dynamic behavior-based malware detection, which monitors and analyzes the actions performed on a system in real time. However, this approach comes with an intuitive drawback: performance overhead. To address this issue we propose two solutions that can be used separately or combined. The first takes advantage of advances in hardware and uses asynchronous processing, thus reducing the impact on the monitored applications. The second relies on a dynamic reputation system, on the basis of which different monitoring levels for applications can be defined. Monitoring processes differentially according to their dynamic reputation leads to a diminished overall performance impact and also to a lower false positive rate.
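The two ideas in the abstract (asynchronous analysis off the monitored process's critical path, and monitoring depth chosen per process from a dynamic reputation) can be sketched in a small simulation. The code below is an added illustration, not the authors' implementation: the monitoring level names, the event kinds, the suspicion weights, the reputation thresholds and the process trace are all constructed for the example. The hook runs synchronously in the monitored process's context but only decides whether an event is worth recording and enqueues it; the analysis and the reputation update happen on a separate worker thread, and the current reputation determines which event kinds are hooked at all for that process.

```python
"""Toy model of differential, asynchronous behavior-based monitoring (constructed example)."""
import queue
import threading
from dataclasses import dataclass, field

# Monitoring levels are nested: a process with lower reputation gets a superset
# of the hooks applied to a trusted one. Names and event kinds are constructed.
MONITORING_LEVELS = {
    "light":    {"memory_inject"},
    "standard": {"memory_inject", "registry_write", "network_connect"},
    "full":     {"memory_inject", "registry_write", "network_connect",
                 "file_write", "process_create"},
}

# Reputation penalty per recorded event kind (constructed weights).
SUSPICION = {"memory_inject": 40, "registry_write": 10, "network_connect": 5,
             "file_write": 2, "process_create": 1}

DETECTION_THRESHOLD = 20  # reputation at or below this flags the process (constructed)


def level_for(reputation: float) -> str:
    """Map a dynamic reputation score to a monitoring level (constructed thresholds)."""
    if reputation >= 80:
        return "light"
    if reputation >= 40:
        return "standard"
    return "full"


@dataclass
class ProcessState:
    pid: int
    reputation: float
    recorded: list = field(default_factory=list)


class BehaviorMonitor:
    def __init__(self):
        self.procs = {}
        self.events = queue.Queue()
        # Single analysis worker: events are processed in FIFO order off the caller's thread.
        self.worker = threading.Thread(target=self._analyze_loop, daemon=True)
        self.worker.start()

    def register(self, pid: int, reputation: float) -> None:
        self.procs[pid] = ProcessState(pid, reputation)

    def hook(self, pid: int, event: str) -> bool:
        """Runs in the monitored process's context. Cheap: consults the current
        level, enqueues the event if it is monitored, and returns immediately."""
        proc = self.procs[pid]
        if event not in MONITORING_LEVELS[level_for(proc.reputation)]:
            return False  # not monitored at this level: no analysis cost at all
        self.events.put((pid, event))
        return True

    def _analyze_loop(self) -> None:
        """Worker thread: the expensive part (analysis, reputation update) runs here."""
        while True:
            pid, event = self.events.get()
            proc = self.procs[pid]
            proc.recorded.append(event)
            proc.reputation = max(0.0, proc.reputation - SUSPICION[event])
            self.events.task_done()

    def flush(self) -> None:
        """Wait until every queued event has been analyzed."""
        self.events.join()

    def flagged(self) -> list:
        return sorted(p.pid for p in self.procs.values()
                      if p.reputation <= DETECTION_THRESHOLD)


def simulate() -> dict:
    """Run a constructed trace through the monitor and report what was hooked."""
    mon = BehaviorMonitor()
    mon.register(100, 95)  # well-known, trusted application
    mon.register(200, 50)  # unknown application, standard monitoring
    trace = [  # constructed event trace: (pid, event kind)
        (100, "file_write"), (100, "registry_write"),
        (200, "file_write"), (200, "registry_write"),
        (200, "network_connect"), (200, "memory_inject"),
        (100, "network_connect"),
    ]
    hooked = sum(mon.hook(pid, ev) for pid, ev in trace)
    mon.flush()
    # Once pid 200's reputation has dropped, its level widens to "full", so an
    # event kind ignored for the trusted process is now recorded for it.
    after_flush = {pid: mon.hook(pid, "process_create") for pid in (100, 200)}
    mon.flush()
    return {
        "hooked": hooked,
        "after_flush": after_flush,
        "rep": {pid: p.reputation for pid, p in mon.procs.items()},
        "recorded": {pid: list(p.recorded) for pid, p in mon.procs.items()},
        "levels": {pid: level_for(p.reputation) for pid, p in mon.procs.items()},
        "flagged": mon.flagged(),
    }


if __name__ == "__main__":
    print(simulate())
```

In the simulated trace only three of the seven events are handed to the analyzer, the trusted process pays nothing for its file and registry writes, and the unknown process is pushed into full monitoring and flagged once its reputation collapses. Reading the reputation on the caller's thread while the worker updates it means the level decision can lag by a few events; that is the trade the asynchronous design makes, and the nesting of the levels keeps the most severe event kinds monitored regardless.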

The paper is published in the IFIP SEC 2018 conference proceedings by Springer Verlag.