Performance, Computing, and Communications Conference, 2002. 21st IEEE International (2006)
Phoenix, AZ, USA
Apr. 10, 2006 to Apr. 12, 2006
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/.2006.1629452
Yanjun Wu, Inst. of Software, Chinese Acad. of Sci., Beijing, China
Wenchang Shi, Inst. of Software, Chinese Acad. of Sci., Beijing, China
Most malware enters a computer system through applications that communicate with the outside world. These applications (called portals) are key components for system security. This paper presents an efficient anti-malware framework for Linux that monitors the behavior of these portals and isolates the files they produce. Files created or modified by a monitored application are marked with a suspicious label; when a file carrying the label is accessed, a predefined scanning tool or another user-land mechanism is invoked to check the file. File labeling and access mediation are done in the kernel, so they are mandatory and transparent to user applications; the scanning mechanisms are implemented in user land, so users can customize them. Experimental results under Linux show that the framework can prevent malware intrusion with a small performance penalty.
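The abstract describes a split design: a kernel-side component that labels files written by portal applications and mediates later opens, and a user-land scanner that is only consulted for labelled files. The following C program is an added, in-memory model of that control flow written for this page; it is not the authors' kernel code. The hook names (hook_file_write, hook_file_open), the process list, the file table, the signature string "MALWARE-MARKER" and the sample paths are all constructed for the example. The model keeps the two properties the abstract emphasizes: labeling happens in the "kernel" path the portal cannot bypass, and a file is scanned once, after which a clean verdict clears the label so later opens cost nothing.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Added example: in-memory model of kernel-side file labeling and access
 * mediation with a user-land scanner callback. Not the paper's code;
 * all names, paths and the signature are hypothetical. */

#define MAX_FILES 16
#define PATH_LEN 64
#define DATA_LEN 128

enum verdict { SCAN_CLEAN, SCAN_MALICIOUS };
typedef enum verdict (*scanner_fn)(const char *path, const char *data);

struct process { const char *name; bool is_portal; }; /* portal list set by admin */

struct file_ctx {
    char path[PATH_LEN];
    char data[DATA_LEN];
    bool suspicious;   /* the kernel-side label */
    bool in_use;
};

static struct file_ctx files[MAX_FILES];
static int scanner_calls;   /* how many times user land was invoked */

static struct file_ctx *lookup(const char *path, bool create)
{
    for (int i = 0; i < MAX_FILES; i++)
        if (files[i].in_use && strcmp(files[i].path, path) == 0)
            return &files[i];
    if (!create)
        return NULL;
    for (int i = 0; i < MAX_FILES; i++)
        if (!files[i].in_use) {
            memset(&files[i], 0, sizeof files[i]);
            files[i].in_use = true;
            snprintf(files[i].path, PATH_LEN, "%s", path);
            return &files[i];
        }
    return NULL;
}

/* "Kernel" hook on create/write: files touched by a portal get the label.
 * The portal cannot skip this, which is what makes the label mandatory. */
int hook_file_write(const struct process *p, const char *path, const char *data)
{
    struct file_ctx *f = lookup(path, true);
    if (!f)
        return -ENOSPC;
    snprintf(f->data, DATA_LEN, "%s", data);
    if (p->is_portal)
        f->suspicious = true;
    return 0;
}

/* "Kernel" hook on open: labelled files are handed to the user-land scanner.
 * Clean -> label cleared and access allowed; malicious -> open denied. */
int hook_file_open(const struct process *p, const char *path, scanner_fn scan)
{
    (void)p;
    struct file_ctx *f = lookup(path, false);
    if (!f)
        return -ENOENT;
    if (!f->suspicious)
        return 0;          /* unlabelled files pay no scanning cost */
    scanner_calls++;
    if (scan(f->path, f->data) == SCAN_MALICIOUS)
        return -EACCES;    /* keep the label so the file stays isolated */
    f->suspicious = false; /* checked once; later opens skip the scanner */
    return 0;
}

bool file_is_suspicious(const char *path)
{
    struct file_ctx *f = lookup(path, false);
    return f && f->suspicious;
}

int scanner_call_count(void) { return scanner_calls; }

/* Constructed user-land scanner: a trivial signature match stands in for
 * whatever tool the administrator configures. */
enum verdict demo_scanner(const char *path, const char *data)
{
    (void)path;
    return strstr(data, "MALWARE-MARKER") ? SCAN_MALICIOUS : SCAN_CLEAN;
}

/* Scenario from the abstract; returns the number of denied opens. */
int run_demo(void)
{
    struct process browser = { "browser", true };  /* a portal */
    struct process editor  = { "editor", false };  /* not a portal */
    struct process shell   = { "shell", false };
    int denied = 0;

    memset(files, 0, sizeof files);
    scanner_calls = 0;
    hook_file_write(&browser, "/home/u/download.bin", "harmless bytes");
    hook_file_write(&browser, "/home/u/dropper.sh", "#!/bin/sh MALWARE-MARKER");
    hook_file_write(&editor, "/home/u/notes.txt", "meeting notes");

    if (hook_file_open(&shell, "/home/u/download.bin", demo_scanner) < 0) denied++;
    if (hook_file_open(&shell, "/home/u/download.bin", demo_scanner) < 0) denied++; /* no rescan */
    if (hook_file_open(&shell, "/home/u/dropper.sh", demo_scanner) < 0) denied++;
    if (hook_file_open(&shell, "/home/u/notes.txt", demo_scanner) < 0) denied++;  /* never labelled */
    return denied;
}

int main(void)
{
    int denied = run_demo();
    printf("denied opens: %d, scanner invocations: %d\n", denied, scanner_call_count());
    return 0;
}
```

In the real framework the label would live on the inode (for example as a persistent attribute) and the scanner would be a separate process the kernel signals; the model collapses that into a callback, but the mediation decisions are the same: only portal output is labelled, only labelled files are scanned, and a malicious verdict keeps the file isolated rather than merely logging it.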
portal monitoring, system security, antimalware framework, Linux, file labeling, access control, virus scanning mechanisms
Yanjun Wu and Wenchang Shi, "Portal monitoring based anti-malware framework: design and implementation," Performance, Computing, and Communications Conference, 2002. 21st IEEE International (PCC), Phoenix, AZ, USA, 2006, p. 74.