Among the many “as a service” functions of the cloud, one of the least explored is the use of the cloud’s computational power to detect malware. This paper discusses the state of the art of this service. The survey analyzes only experimental approaches that provide a complete service, and describes the work of eight research groups that together offer a good picture of the research in this area. Only signature-based approaches are considered; as the authors indicate, behavioral detection techniques are now too difficult to perform in the cloud due to the inability of this environment to reproduce the actual execution environment of the malware.
The survey results in a list of the advantages of using clouds for this function, as well as the disadvantages. Among the advantages are the possibility of running multiple anti-malware engines, the ability to add any number of detection engines, and ease of deployment. These advantages are particularly significant for portable devices, which do not have large computational power. However, there are also significant disadvantages, such as an increase in false positives and in detection time, among others.
To mitigate these problems, the authors propose an architecture that first applies a lightweight anti-malware engine (LWE) and, if this fails to find malware, then applies several cloud-based engines to detect the possible malware. The authors intend to implement their idea and evaluate it experimentally; readers will have to wait until then to see how effective it is. The paper is clear and may interest researchers in malware detection.
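The two-stage pipeline described above, written out as an added illustration that is not code from the paper or its authors: a local hash-signature LWE is consulted first, and only samples it does not flag are fanned out to several (here simulated) cloud engines. The sample files, the signature sets and the engine names are constructed for the example.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample "files": hypothetical inputs, not from the paper.
SAMPLES = {
    "clean.txt": b"hello world",
    "known_bad.bin": b"EVIL-PAYLOAD-1",
    "rare_bad.bin": b"EVIL-PAYLOAD-2",
}

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Stage 1: lightweight engine with a small local hash-signature set.
LWE_SIGNATURES = {sha256(b"EVIL-PAYLOAD-1")}

# Stage 2: several cloud engines, each with its own signature database.
# Simulated in-process here; in a deployment each lookup is a network call.
CLOUD_ENGINES = {
    "engine_a": {sha256(b"EVIL-PAYLOAD-1")},
    "engine_b": {sha256(b"EVIL-PAYLOAD-2")},
    "engine_c": set(),
}

@dataclass(frozen=True)
class Verdict:
    malicious: bool
    stage: str          # "lwe", "cloud" or "none": where the decision was made
    engines_hit: tuple  # engines that flagged the sample

def scan(data: bytes) -> Verdict:
    h = sha256(data)
    # Stage 1: cheap local check, no round trip to the cloud.
    if h in LWE_SIGNATURES:
        return Verdict(True, "lwe", ("lwe",))
    # Stage 2: reached only when the LWE finds nothing; query every cloud
    # engine and report which ones matched, so the extra detection time and
    # any disagreement between engines stay visible to the operator.
    hits = tuple(name for name, sigs in CLOUD_ENGINES.items() if h in sigs)
    if hits:
        return Verdict(True, "cloud", hits)
    return Verdict(False, "none", ())

def scan_all(samples=SAMPLES) -> dict:
    return {name: scan(data) for name, data in samples.items()}
```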