[Seminar] "SplitScreen: Enabling Efficient, Distributed Malware Detection" by Sang Kil Cha, CMU (June 22, 5:00pm~6:00pm)
Title: SplitScreen: Enabling Efficient, Distributed Malware Detection
Speaker: Sang Kil Cha, Carnegie Mellon University
Date: June 22 (Tue) 5:00pm~6:00pm
Place: Science Library 611 ICP lecture room, Korea University (과학도서관 611호 ICP강의실)

Abstract:
We present the
design and implementation of a novel anti-malware system called SplitScreen.
SplitScreen performs an additional screening step prior to the signature matching
phase found in existing approaches. The screening step filters out most non-infected
files (90%) and also identifies malware signatures that are not of interest (99%). The
screening step significantly improves end-to-end performance because safe files are
quickly identified and are not processed further, and malware files can subsequently
be scanned using only the signatures that are necessary. Our approach naturally leads
to a network-based anti-malware solution in which clients receive only the signatures
they need, not every malware signature ever created, as with current approaches. We
have implemented SplitScreen as an extension to ClamAV, the most popular open source
anti-malware software. For the current number of signatures, our implementation is 2
times faster and requires 2 times less memory than the original ClamAV. These gaps
widen as the number of signatures grows.

Bio:
Sang Kil Cha is a PhD student in the
Electrical & Computer Engineering department of Carnegie Mellon University. He
received his BS in Electrical Engineering from Korea University. His current research
interests revolve mainly around software security including binary analysis and
exploit generation. He is also a co-founder of Plaid Parliament of Pwning, the
security research team at CMU. He is a recipient of the NSF CAREER award in 2004, IBM
faculty fellowships in 2004 and 2005, the Sloan research fellowship in 2006, and the
Security 7 award in the category of education by the Information Security Magazine in
2009.
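
As an added illustration of the two-phase scan the abstract describes (not code from SplitScreen or ClamAV): a screening pass decides whether a file needs exact matching at all, and with which signatures. The Bloom filter over 4-byte signature prefixes, its parameters and the sample signatures are assumptions; the abstract does not say how the screening step is built.

```python
import hashlib

FRAG, BITS, HASHES = 4, 1 << 16, 3   # assumed parameters, not from the abstract

# Constructed sample signatures (name -> byte pattern), each >= FRAG bytes.
SIGS = {
    "Test.Alpha": b"\xde\xad\xbe\xef\x13\x37\x00\x01",
    "Test.Beta": b"EVIL_MARKER_BETA",
    "Test.Gamma": b"\x90\x90\xcc\xcc\xfa\xce",
}

def _positions(chunk):
    """Bit positions for one fragment, taken from slices of one SHA-256."""
    d = hashlib.sha256(chunk).digest()
    return [int.from_bytes(d[4 * i:4 * i + 4], "big") % BITS for i in range(HASHES)]

def build_screen(signatures):
    """Bloom filter over the first FRAG bytes of every signature."""
    bloom = bytearray(BITS // 8)
    for pattern in signatures.values():
        for p in _positions(pattern[:FRAG]):
            bloom[p // 8] |= 1 << (p % 8)
    return bloom

def screen(bloom, data):
    """Pass 1: the FRAG-byte windows of data that hit the filter."""
    hits = set()
    for i in range(len(data) - FRAG + 1):
        window = data[i:i + FRAG]
        if all((bloom[p // 8] >> (p % 8)) & 1 for p in _positions(window)):
            hits.add(window)
    return hits

def scan(signatures, bloom, data):
    """Return (matched names, number of signatures exact-matched)."""
    hits = screen(bloom, data)
    if not hits:
        return [], 0                      # screened out: no exact matching
    # Only signatures whose fragment was seen are needed for this file.
    needed = {n: s for n, s in signatures.items() if s[:FRAG] in hits}
    return sorted(n for n, s in needed.items() if s in data), len(needed)

if __name__ == "__main__":
    bloom = build_screen(SIGS)
    samples = {                           # constructed file contents
        "clean": b"an ordinary text file with nothing of interest",
        "infected": b"MZ\x00\x00" + SIGS["Test.Beta"] + b" trailing data",
        "prefix-only": b"xx\xde\xad\xbe\xefnot the rest",
    }
    for name, data in samples.items():
        print(name, scan(SIGS, bloom, data))
```

The second value returned by `scan` is the number of signatures a client would have to hold for that file, which is the quantity the network-based design reduces.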