||The rising of malicious software and network APT attacks severely brings the risk of security exploitation to all the enterprises and personal computers. Therefore, security vendors are dedicated to provide the service with more diversity in order to protect their customers from global malicious attacks. Antivirus actively provides a high quality service to protect computer security. However single security vendor may still be confronted with several problems, such as significant detection windows, antivirus self vulnerability, and tedious time consuming tasks on scanning whole system files. Actually, most users may pay closely attention to both the detection rate and the speed of scanning tasks of antivirus software.|
In this thesis, we propose a defense mechanism named CatPaw to resist the intrusion of malware and malicious contents. Windows operating system will be selected as the platform to verify our design. System software or others user applications will be scanned by sending them to VirusTotal on the Internet before executing by operating systems. If the test passes without hesitation, the file can be executed continuously. Real time scanning on VirusTotal can not only provide security service with more reliability and more accurately by using multiple antivirus engines, but also provide 24 hours real time protection for users. Furthermore, scanning the files only triggered by users instead of scanning all the files in the disk by traditional single antivirus software will make it as efficient as possible.
|| "VirusTotal". https://www.virustotal.com/, 2015.|
 "VirusTotal on Wiki". http://en.wikipedia.org/wiki/VirusTotal, 2015.
 "VirusTotal Public API in C". https://github.com/VirusTotal/c-vtapi, 2015.
 P. Bishop, R. Bloomfield, I. Gashi, and V. Stankovic, "Diversity for security: a study with off-the-shelf antivirus engines," in Software Reliability Engineering (ISSRE), 2011 IEEE 22nd International Symposium on pp. 11-19, 2011.
 B. Blunden, The Rootkit Arsenal. Texas: Wordware Publishing, 1969.
 Cyveillance, "Malware Detection Rates for Leading AV Solutions," August 2010.
 J. Gionta, A. Azab, W. Enck, P. Ning, and X. Zhang, "SEER: practical memory virus scanning as a service," in Proceedings of the 30th Annual Computer Security Applications Conference pp. 186-195, 2014.
 J. Haffejee and B. Irwin, "Testing antivirus engines to determine their effectiveness as a security layer," in Information Security for South Africa (ISSA), 2014 pp. 1-6, 2014.
 N. Jogie. "Rootkit Analysis: Hiding SSDT hooks". https://securabit.com/wp-content/uploads/2010/03/Rootkit-Analysis-Hiding-SSDT-Hooks1.pdf, 2010.
 J. Koret, "Breaking Antivirus Software," ed. The Symposium on Security for Asia Network(SyScan), 2014.
 X. Lin, "Survey on cloud based mobile security and a new framework for improvement," in Information and Automation (ICIA), 2011 IEEE International Conference on pp. 710-715, 2011.
 D. Lukan. "Hooking the System Service Dispatch Table (SSDT)". http://resources.infosecinstitute.com/hooking-system-service-dispatch-table-ssdt/, 2014.
 J. M.Hart, Windows系統程式設計 第四版. 台北: 基峰資訊, 2010.
 Microsoft. "Named Pipe Client". https://msdn.microsoft.com/en-us/library/windows/desktop/aa365592%28v=vs.85%29.aspx.
 Microsoft. "Named Pipe Server Using Overlapped I/O". https://msdn.microsoft.com/en-us/library/windows/desktop/aa365603%28v=vs.85%29.aspx.
 J. Oberheide, E. Cooke, and F. Jahanian, "CloudAV: N-Version Antivirus in the Network Cloud," in USENIX Security Symposium pp. 91-106, 2008.
 J. Oberheide, E. Cooke, and F. Jahanian, "Rethinking Antivirus: Executable Analysis in the Network Cloud," in HotSec, 2007.
 M. A. Rajab, L. Ballard, N. Lutz, P. Mavrommatis, and N. Provos, "CAMP: Content-Agnostic Malware Protection," in NDSS, 2013.
 STAMFORD. "Worldwide Security Software Market Grew 5.3 Percent in 2014". http://www.gartner.com/newsroom/id/3062017, 2015.
 G. Vasiliadis, M. Polychronakis, and S. Ioannidis, "MIDeA: a multi-parallel intrusion detection architecture," in Proceedings of the 18th ACM conference on Computer and communications security pp. 297-308, 2011.
 張帆、史彩成, Windows Device Driver Programming驅動程式設計. 台北: 博碩文化, 2009.
 潘愛民, Windows核心原理與實務開發. 台北: 碁峰, 2010.