Performance improvements in behavior based malware detection solutions


This article is free to access.

Abstract

The constant evolution of malware, both in number and complexity, represents a severe threat to individual users and organizations. This is increasing the need for more advanced security solutions, such as dynamic behavior-based malware detection, that monitor and analyze actions performed on a system in real time. However, this approach comes with an obvious drawback: the performance overhead. To address this issue, we propose two solutions that can be used separately or combined. The first approach takes advantage of advances in hardware and uses asynchronous processing, thus reducing the impact on the monitored applications. The second approach relies on a dynamic reputation system, based on which different monitoring levels for applications can be defined. Differential monitoring of processes according to their dynamic reputation leads to a lower overall performance impact and also a lower false positive rate.

Cite

Hăjmăsan, G., Mondoc, A., Portase, R., & Cret, O. (2018). Performance improvements in behavior based malware detection solutions. In IFIP Advances in Information and Communication Technology (Vol. 529, pp. 370–384). Springer. https://doi.org/10.1007/978-3-319-99828-2_26
