Published by Reynard Bennett. Modified over 9 years ago.
1
Scanning Computer Viruses with Reduced Virus Definition File
s1090009 Daisuke Anzai
Supervised by Prof. H Toyoizumi
2
Scanning System
[Diagram labels: anti-virus software; virus definition file; scan; supply the information; matching]
3
Virus Definition File
Since 1986, the number of computer viruses has increased extremely fast.
Information on more than 68000 kinds of virus has now been published in the virus definition file.
4
Problems
The length of this file affects scan time.
Viruses will keep increasing, to more than 100000 kinds in the near future.
Scanning for them puts a heavy load on the server.
5
Purpose
Describe the possibility of reducing the virus definition file.
Evaluate the server's performance using an M/D/1 queuing model.
6
Condition
Viruses detected by InterScan VirusWall, which is installed on the mail server of the University of Aizu, are logged at the Information Processing Center.
The data from last November is used as the simulation data.
7
Virus log list
8
Virus Character
The probability that a specific virus will arrive again is high if many copies of it have arrived recently.
The definition file must be effective against new types, and new types will appear one after another.
9
Algorithm
Detections are logged every day.
Sum the log over one of:
I. 1 month (30 days)
II. 1 week (7 days)
III. 1 day
Sort the ranking in descending order and select the top n.
10
Example of algorithm (1 month method, n=10)
[Diagram: log file and virus definition file. Sum of log from 10/2 to 10/31, ranked 1 to 10; sum of log from 10/3 to 11/1, ranked 1 to 10; scans on 11/1 and 11/2.]
11
The Rate of Eliminating Virus Mail (n=10)
12
The Elimination Rate of Virus Mail (7-day average)
13
Queuing Theory
Used to calculate the probability that service can be received without waiting, the average queue length, and the average time from arrival to departure.
Queues are classified into several kinds by the distributions of arrival and service, the number of service windows, and whether there is a limit on the queue.
14
Modeling of M/D/1 queuing system
Probability that waiting will arise when a mail arrives ( )
Number of mails in queue (L)
Waiting time (W)
Scanning time (S)
Arrival rate ( )
[Diagram labels: start; finish; to client]
15
Define and
The average arrival rate ( )
– Assume that 10000 mails arrive per hour. Per second, the average arrival is
The average service rate ( )
– Assume that the time needed to scan one mail is S (seconds). Then,
16
Reducing
Assume that 68000 kinds of virus information are currently published in the virus definition file, and that the reduced definition file publishes only n kinds. The new service rate S’ is defined as
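The top-n selection from the Algorithm slide and the M/D/1 evaluation, put together as an added example that is not part of the original presentation. It assumes the summing window ends the day before the scan day, that scan time scales linearly with the number of signatures, and a full-file scan time of 0.3 s per mail; the log, virus names and year are constructed.

```python
from collections import Counter
from datetime import date, timedelta

FULL_DEFS = 68000          # signatures in the full file (figure from the slides)
ARRIVALS_PER_HOUR = 10000  # mail arrival rate assumed on the slides

def reduced_definitions(log, scan_day, window_days, n):
    """Top-n virus names by count over the window_days days before scan_day."""
    start = scan_day - timedelta(days=window_days)
    counts = Counter(name for day, name in log if start <= day < scan_day)
    return {name for name, _ in counts.most_common(n)}

def elimination_rate(log, scan_day, window_days, n):
    """Fraction of scan_day's virus mails matched by the reduced file."""
    defs = reduced_definitions(log, scan_day, window_days, n)
    today = [name for day, name in log if day == scan_day]
    return sum(name in defs for name in today) / len(today) if today else 0.0

def md1_wait(scan_time_s, n=FULL_DEFS):
    """(utilisation, mean queue length, mean wait in s) for an M/D/1 scanner.
    Assumption: scan time scales linearly with the number of signatures."""
    lam = ARRIVALS_PER_HOUR / 3600.0
    s = scan_time_s * n / FULL_DEFS
    rho = lam * s
    if rho >= 1:
        raise ValueError("queue is unstable (utilisation >= 1)")
    lq = rho ** 2 / (2 * (1 - rho))      # Pollaczek-Khinchine, deterministic service
    return rho, lq, lq / lam             # Little's law gives the mean wait

def sample_log():
    """Constructed log: one (day, virus name) entry per detected mail."""
    log = []
    for offset in range(31):                      # 10/2 .. 11/1
        day = date(2003, 10, 2) + timedelta(days=offset)
        log += [(day, "worm-a")] * 6 + [(day, "worm-b")] * 3
        if offset >= 28:
            log += [(day, "worm-new")] * 4        # outbreak in the last 3 days
        if offset < 5:
            log += [(day, "old-x")] * 5           # faded early in the window
    return log

if __name__ == "__main__":
    log, scan_day = sample_log(), date(2003, 11, 1)
    for label, days in (("1 month", 30), ("1 week", 7), ("1 day", 1)):
        print(label, round(elimination_rate(log, scan_day, days, 3), 3))
    print(md1_wait(0.3), md1_wait(0.3, n=10))
```

With n=3 the 30-day window still spends a slot on the faded `old-x` and misses the new outbreak, while the 7-day and 1-day windows catch it.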
17
Length in Queue and Waiting Time
18
The Relation between S and W
19
Result
If only several tens of kinds of virus are scanned for, the risk to users is low while the scanning is efficient.
Instead of wasting time looking up old viruses, the server can use its processing capacity to scan for new types of virus that are hard to detect.
20
Future Works
Research measures against viruses that attack on a special day.
21
Reference (Mathematics)
1. D. P. Heyman, M. J. Sobel, Stochastic Models, 1990
2. Sheldon M. Ross, Stochastic Processes, Second Edition, 1996
22
Reference (Virus information)
4. Symantec, http://www.symantec.com/
5. Information Processing Center, http://web-int/labs/istc/