Title: Towards Extending the Antivirus Capability to Scan Network Traffic

Year of Publication: 2015
Page Numbers: 18-23
Authors: Mohammed I. Al-Saleh
Conference Name: The International Technology Management Conference (ITMC2015)
- Turkey

Abstract:


Computer network is a major venue for malware to spread out and infect new victims. Many effective countermeasures against attacks are deployed at different network boundaries. Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and Firewalls are among such security controls. The Antivirus (AV) software is widespread among end-users and deployed as a last line of defense against threats. Even effective at detecting attacks, popular AVs only detect malware if it is written to or read from the Hard Disk. Unfortunately, as already reported by a previous research, data sent (or received) through networks is not scanned by the AV. An exact reason of this weird behavior can only be speculated. Nevertheless, we believe that this problem should be approached. This paper proposes a novel approach to detect malware sent (or received) through networks.