Abstract
This paper introduces Purenet, a self-learning malware detection system intended to counter zero-day attacks and to close the window that remains open while application systems are patched after an attack is identified. The concept and architecture of Purenet are described, with anomaly detection positioned as the system's core enabler. Deployment of the system in an operational environment is discussed, and recommendations and findings based on that deployment are presented. Findings from the prototype cover several considerations that should influence the design of such security software: latency, multi-protocol support, integration with cloud anti-malware services, resource requirements, reporting, hardening of the base platform, and SIEM integration.
© 2011 IFIP International Federation for Information Processing
Arnab, A., Martin, T., Hutchison, A. (2011). Practical Experiences with Purenet, a Self-Learning Malware Prevention System. In: Camenisch, J., Kisimov, V., Dubovitskaya, M. (eds) Open Research Problems in Network Security. iNetSec 2010. Lecture Notes in Computer Science, vol 6555. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19228-9_6
DOI: https://doi.org/10.1007/978-3-642-19228-9_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-19227-2
Online ISBN: 978-3-642-19228-9