Abstract
Ph.D. (Computer Science)
Anyone who uses a computer for work or recreational purposes has come across the problem of
malware, for example viruses, worms, trojans, rootkits, adware, etc. This is especially the case if
the computer is connected to the Internet. A number of security organisations and/or vendors such
as the European Union Agency for Network and Information Security (ENISA), Microsoft and
McAfee release annual reports that contain statistics on the latest threats. The reports show that
malware is a growing problem that needs to be addressed [1][2]. Furthermore, organisations such
as AV-Comparatives [3] that conduct independent testing of security software have demonstrated
that no anti-virus product guarantees 100% detection of malware while keeping the false positive
rate, i.e. benign (safe) files that are detected as malicious, at zero. Additionally, it should be noted,
as per the remarks in the AV-Comparatives report [4], that although some products have 100%
detection rates in a test month report, this does not mean the products will always protect against all
existing and unknown viruses (malware). Therefore, this thesis will address the problem that
current anti-malware products do not guarantee 100% detection and/or prevention of malware.
The main objective of this thesis is to create an architecture called Collab-AV that can be used to
protect the home user from malware by leveraging proactive collaboration between
different sources of information and different existing anti-malware vendors, thus following a
strength-in-numbers philosophy. In order to achieve this objective, the following approach is taken:
• The different types of malware threats are identified and discussed
• A comprehensive literature study on current and proposed anti-malware techniques is
performed
• Through the comprehensive literature study, the weaknesses and strengths of each anti-malware
technique are identified
The Collab-AV architecture incorporates the identified strengths while addressing the identified
weaknesses through collaboration...