Accession Number:

ADA557816

Title:

Evaluation of Malware Target Recognition Deployed in a Cloud-Based Fileserver Environment

Descriptive Note:

Master's thesis

Corporate Author:

AIR FORCE INST OF TECH WRIGHT-PATTERSON AFB OH GRADUATE SCHOOL OF ENGINEERING AND MANAGEMENT

Personal Author(s):

Report Date:

2012-03-01

Pagination or Media Count:

83.0

Abstract:

Cloud computing, or the migration of computing resources from the end user to remotely managed locations where they can be purchased on-demand, presents several new and unique security challenges. One of these challenges is how to efficiently detect malware amongst files that are possibly spread across multiple locations in the Internet over congested network connections. This research studies how such an environment will impact the performance of malware detection. A simplified cloud environment is created in which network conditions are fully controlled. This environment includes a fileserver, a detection server, the detection mechanism, and clean and malicious file sample sets. The performance of a novel malware detection algorithm called Malware Target Recognition (MaTR) is evaluated and compared with several commercial detection mechanisms at various levels of congestion. The research evaluates performance in terms of file response time and detection accuracy rates. Results show that there is no statistically significant difference in MaTR's true mean response time when scanning clean files with low to moderate levels of congestion compared to the leading commercial response times with a 95% confidence level. MaTR demonstrates a slightly faster response time, by roughly 0.1s to 0.2s, at detecting malware than the leading commercial mechanisms' response time at these congestion levels, but MaTR is also the only device that exhibits false positives with a 0.3% false positive rate. When exposed to high levels of congestion, MaTR's response time is impacted by a factor of 88 to 817 for clean files and 227 to 334 for malicious files, losing its performance competitiveness with other leading detection mechanisms. MaTR's true positive detection rates are extremely competitive at 99.1%.

Subject Categories:

  • Computer Programming and Software
  • Computer Systems
  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE