Server-side detection of malware infection


Event NSPW 09


Jakobsson, Markus
Technical Publications
September 8th 2009
We review the intertwined problems of malware and online fraud, and argue that the fact that service providers often are financially responsible for fraud causes a relative lack of incentives for clients to manage their own security well. This suggests the need for a server-side tool to determine the security posture of clients before letting them transact. We introduce an exceedingly lightweight audit mechanism to address this need -- permitting post-mortem infection analysis -- and prove its security properties based on standard cryptographic hardness assumptions. We describe a deployment architecture that aligns the incentives of participants in order to facilitate quick adoption and widespread use of the technology. Our approach is flexible enough to protect even low-end computing devices like mobile handsets, which future malware will target heavily, but whose power and bandwidth limitations mean poor effectiveness for traditional anti-virus paradigms. A contribution of independent potential value is the enabling of a centralized analysis of malware-related events. We describe how a centralized view of this type of information enables anomaly-based detection approaches that are not possible in a distributed setting. This approach enables a lightweight early-warning system and is helpful in creating application whitelists.


Jakobsson, M.; Juels, A. Server-side detection of malware infection. Proceedings of the New Security Paradigms Workshop (NSPW 09); 2009 September 8-11; Oxford, UK. New York: ACM; 2009; 11-22.
