MWMon: A Software Defined Network-based Malware Monitor

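  • Min Jae Jo (Department of Computer Engineering, Sejong University);
  • Ji Sun Shin (Department of Information Security, Sejong University)
  • Received: 2015.09.14
  • Reviewed: 2015.10.27
  • Published: 2015.10.31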

Abstract

Antivirus software is a widely used solution for detecting malicious software on client devices. The performance of antivirus solutions in the mobile client environment is critical because of its resource constraints. Many solutions that lighten the client's overhead in the mobile client environment have been developed. However, most of them require platform modifications or software installations, which makes them harder to deploy in practice. In this paper, we propose a solution that detects malware on networks using a Software Defined Network (SDN). Our main goal is to design a solution that detects malware on mobile clients without involving the client in the work. Our contribution is a solution that does not require client-side installations or modifications and is therefore easily applicable in practice.
