We propose a new signature-based, on-demand anti-virus solution using in-storage processing (ISP) to inspect the inside of a storage device. In-storage anti-virus systems are able to isolate malicious effects from main computing platforms, and they reduce the system overhead for virus detection. We implement our in-storage anti-virus platform using cost-effective, open-source hardware, and we verify that is practically applicable to storage devices.

With the diffusion of web services caused by the appearance of a new architecture known as cloud computing, a large number of websites have been used by attackers as hopping sites to attack other websites and user terminals because many vulnerable websites are constructed and managed by unskilled users. To construct hopping sites, many attackers force victims to download malware by using vulnerabilities in web applications. To protect websites from these malware infection attacks, conventional methods, such as using anti-virus software, filter files from attackers using pattern files generated by analyzing conventional malware files collected by security vendors. In addition, certain anti-virus software uses a behavior blocking approach, which monitors malicious file activities and modifications. These methods can detect malware files that are already known. However, it is difficult to detect malware that is different from known malware. It is also difficult to define malware since legitimate software files can become malicious depending on the situation. We previously proposed an access filtering method based on communication opponents, which are other servers or terminals that connect with our web honeypots, of attacks collected by web honeypots, which collect malware infection attacks to websites by using actual vulnerable web applications. In this blacklist-based method, URLs or IP addresses, which are used in malware infection attacks collected by web honeypots, are listed in a blacklist, and accesses to and from websites are filtered based on the blacklist. To reveal the effects in an actual attack situation on the Internet, we evaluated the detection ratio of anti-virus software, our method, and a composite of both methods. Our evaluation revealed that anti-virus software detected approximately 50% of malware files, our method detected approximately 98% of attacks, and the composite of the two methods could detect approximately 99% of attacks.

With the rising innovative antigens (such as intruders and viruses) through Internet, reliable security mechanisms are required to perceptively detect and put them down. However, defense techniques of the current host system over Internet may not properly analyze Internet antigens, because trends of attacks are unexpectedly shifted. In this paper, we introduce an Antibody Layer that mediates proper security services based on the biological mechanism to rapidly disclose and remove innovative antigens. The proposed Antibody Layer also employs a new topology called antibody cooperation protocol to support real-time security QoS for one host as well as host alliance.