Hybrid Algorithm for Backward Hashing and Automation Tracking For Virus Scanning

Authors

  • Panchal Mital K  Department of Information Technology, L. D. College Of Engineering, Ahmedabad, Gujarat, India
  • Bakul Panchal  Department of Information Technology, L. D. College Of Engineering, Ahmedabad, Gujarat, India

Keywords:

ClamAV, AC, Backward Hashing

Abstract

Virus scanning involves computationally intensive string matching against a large number of signatures with differing characteristics. This variety of signatures makes the choice of matching algorithm difficult. We propose a hybrid approach that partitions the signatures in the open-source ClamAV scanner into long and short ones. The first algorithm, called Backward Hashing, is an improved and enhanced version of the Wu-Manber (WM) algorithm; it is responsible only for long patterns, in order to extend the average skip distance. The second algorithm, Aho-Corasick (AC), handles the short patterns; it scans only short patterns to reduce the automaton size. Backward Hashing uses the bad-block heuristic to obtain long shift distances and thereby reduces the verification frequency, which makes it much faster than the original WM implementation in the open-source ClamAV antivirus software. Restricting AC to short patterns increases AC performance by around 50 percent due to better cache locality. We also rank the factors to indicate their importance for string matching performance.

Published

2015-06-25

Section

Research Articles

How to Cite

[1]
Panchal Mital K, Bakul Panchal, "Hybrid Algorithm for Backward Hashing and Automation Tracking For Virus Scanning", International Journal of Scientific Research in Science, Engineering and Technology (IJSRSET), Print ISSN: 2395-1990, Online ISSN: 2394-4099, Volume 1, Issue 3, pp. 324-328, May-June 2015.