Server-Side Detection of Malware Infection

摘要

We review the intertwined problems of malware and online fraud, and argue that the fact that service providers often are financially responsible for fraud causes a relative lack of incentives for clients to manage their own security well. This suggests the need for a server-side tool to determine the security posture of clients before letting them transact.rnWe introduce an exceedingly lightweight audit mechanism to address this need - permitting for post-mortem infection analysis - and prove its security properties based on standard cryptographic hardness assumptions. We describe a deployment architecture that aligns the incentives of participants in order to facilitate quick adoption and widespread use of the technology. Our approach is flexible enough to protect even low-end computing devices like mobile handsets, which future malware will target heavily, but whose power and bandwidth limitations result in poor effectiveness for traditional anti-virus solutions.rnA contribution of independent potential value is the enabling of a centralized analysis of malware-related events, which promises to extend the power of detection in comparison to what today's decentralized paradigm allows.