Empirical Study on Anti-Virus Architecture for Container Platforms
Container platforms provide many functions for diverse applications and are used to build and operate various information services. They have been extended not only to Linux and Unix-based servers but also to Windows and macOS-based desktops and laptops. Many systems use anti-virus software to minim...
Main Authors: | Sung-Hwa Han, Hoo-Ki Lee, Gwang-Yong Gim, Sung-Jin Kim |
---|---|
Format: | Article |
Language: | English |
Published: | IEEE 2020-01-01 |
Series: | IEEE Access |
Subjects: | |
Online Access: | https://ieeexplore.ieee.org/document/9127954/ |
_version_ | 1818856942412496896 |
---|---|
author | Sung-Hwa Han, Hoo-Ki Lee, Gwang-Yong Gim, Sung-Jin Kim |
collection | DOAJ |
description | Container platforms provide many functions for diverse applications and are used to build and operate various information services. They have been extended not only to Linux and Unix-based servers but also to Windows and macOS-based desktops and laptops. Many systems use anti-virus software to minimize damage caused by malware. Most anti-virus software provides real-time malware detection functions and blocks the execution of malware by enforcing access denial functions for malware that cannot be deleted or for original files that cannot be restored. However, current anti-virus technologies are not designed for container platforms. Therefore, they cannot detect malware in containers in real time; nor can they block malware execution or user access to malware, owing to the isolation feature provided by container platforms. To resolve these issues, we propose a functionally-isolated anti-virus architecture for container platforms. The proposed anti-virus architecture separates the functions of a legacy anti-virus engine to ensure compatibility with the isolation features of a container platform. By implementation, it was confirmed that the proposed anti-virus architecture can detect in real time the entry of malware in a container platform and block the execution of, and user access to, unrecoverable malware-infected files. The performance of the proposed functionally-isolated anti-virus architecture is similar to that of legacy anti-virus technology and was verified to be sufficiently effective. |
first_indexed | 2024-12-19T08:32:31Z |
format | Article |
id | doaj.art-1e5420dc96d647a8b9a4ce848cd54b02 |
institution | Directory Open Access Journal |
issn | 2169-3536 |
language | English |
last_indexed | 2024-12-19T08:32:31Z |
publishDate | 2020-01-01 |
publisher | IEEE |
record_format | Article |
series | IEEE Access |
spelling | doaj.art-1e5420dc96d647a8b9a4ce848cd54b02; 2022-12-21T20:29:08Z; eng; IEEE; IEEE Access; ISSN 2169-3536; 2020-01-01; vol. 8, pp. 134940-134949; DOI 10.1109/ACCESS.2020.3005591; 9127954; Empirical Study on Anti-Virus Architecture for Container Platforms; Sung-Hwa Han (https://orcid.org/0000-0002-5518-4746; Department of ITPM, Soongsil University, Seoul, South Korea); Hoo-Ki Lee (Department of Cyber Security Engineering, Konyang University, Nonsan, South Korea); Gwang-Yong Gim (Department of ITPM, Soongsil University, Seoul, South Korea); Sung-Jin Kim (https://orcid.org/0000-0002-9372-2568; Department of Intelligent Systems Engineering, Cheju Halla University, Jeju, South Korea); https://ieeexplore.ieee.org/document/9127954/; Anti-virus; container; LXC; malware; real-time detection |
title | Empirical Study on Anti-Virus Architecture for Container Platforms |
topic | Anti-virus; container; LXC; malware; real-time detection |
url | https://ieeexplore.ieee.org/document/9127954/ |