A Network Based Approach to Malware Detection in Large IT Infrastructures

Bibliographic details
Main authors: Kumar, B, Katsinis, C
Format: Conference proceedings
Language: eng
Description
Summary: Malware is code that has malicious intent and is designed for a malicious purpose, such as stealing confidential data or obtaining root privileges on a system. The current approach to dealing with malware threats such as viruses and spyware is to use host based anti-malware software. However, this approach leads to many vulnerable machines, since many users don't update their software or their virus signatures, and some even disable their software to avoid the system performance degradation it causes. Host based security software requires a good deal of administration, with consistent needs for reconfiguration, management, and report analysis. With security administrators supporting an ever-growing number of users, such an approach has become impractical. In this paper, we present a novel network based malware detection architecture that uses host security vectors to protect host machines without any intervention from hosts. This architecture provides another layer of security and can complement existing host based solutions. Only the central detection server needs to be actively managed instead of individual hosts, hence providing a more manageable solution for large IT infrastructures.
DOI: 10.1109/NCA.2010.33