Protection Based on LevelNet and the Dynamic Whitelist
Installed antivirus product: Response Exchange Principles
The client software analyzes the response of antivirus products on users’ devices. Results of the antivirus behavior analysis are sent on the LevelNet network for further processing as well as for deciding the level of a particular threat or threats. The data is transferred between the client nodes and out to the network servers. If for any reason, the LevelNet system perceives response results as a potential or real threat, all users receive information about this software package. This information is distributed between various nodes of the LevelNet network.
Reputational base formation
A novel concept of weighting certain attributes for the determining the Risk Level of potential software packages. This Risk Level is evaluated by the LevelNet system automatically based on the value of a set of factors listed below in descending order of importance:
● antivirus solutions reactions from end-point users
● level of trust that its publisher has
● prevalence within the network
● the number of cases when this software was added to the list of exceptions by end-users
The number of antivirus solutions responses can be obtained both from users’ devices and from internal servers of the LevelNet network. The process of monitoring previously unknown software is ongoing through the LevelNet network.
Scheme of data checking incoming from LevelNet network nodes
The publisher’s credibility depends on three things, their reputation, the duration of their participation in LevelNet, and the popularity of the existing security software they use.The degree of a threat is dynamically indicated. Should the level change for a particular software package, its value is immediately synchronized with all users’ devices within the LevelNet network, thus ensuring the operational update of the threat data.
Endpoint Security App operating modes
The client side software on the end devices works in blocking mode for a software package that is unrecognized by the LevelNet network (this is the operating mode of the application when all previously unknown software via user input is locked to execution). Optionally, White Lists can be enabled, which allows the user of the software to select packages from a whitelist of trusted publishers. Also, the user can depend on the threat level, be able to grant permission to use unknown software, after he/she is prompted via a corresponding warning message/alert.Furthermore, the user can create their list of exceptions, independent from the LevelNet global rules. This function may be useful for both software developers, and regular users who have installed rarely used software, causing groundless “suspicion” from antivirus solutions.
New publisher assessment for the Dynamic Whitelist
Before a new software publisher can become included on the LevelNet Whitelist, they must undergo register and undergo verification procedures.Registration can be performed linked to social network account or via corporate email accounts. Also, supplementary information needs to be provided:
● company website
● type of software
● type of a company
● country and address
● approximate site visits per day
● approximate application downloads per day.
Once the publisher completes registration, a personal dashboard then becomes available for the publisher to enter the next stage, which is to pass the verification in order to be added to the LevelNet Whitelist.
Publisher verification in this particular case means confirmation of the accuracy of the information provided during registration. For the most well-known and popular publishers, the process is streamlined. In this instance, verification is performed by adding a series of verification records to the publishers DNS name servers (Either a CNAME or TXT record). Additionally, for publishers not included in either of the above categories, further proof of identity is required either through a document or credit card, these publishers will then also need to fill out a form with a description of the software.
After passing both procedures (registration and verification), the publisher is then given the opportunity to upload their software package, as well as the opportunity to provide updates to newer versions as they become available. All subsequently uploaded files also undergo an automatic antivirus scan for the potential existence of malicious components.
Our Prototype
Our working prototype is now available for demonstration. It can be easily installed on Mac, Windows or Linux Operating Systems. During one such test (available below) the result was that the malware files were immediately detected and neutralized on all virtual machines. Test demonstration video(subtitles available): https://www.youtube.com/watch?v=fDLfvA9EqNU&t=2sFollow us on social media to get the latest updates and company news.
https://www.facebook.com/levelnetwork/
https://www.instagram.com/levelnetwork/
https://twitter.com/LevelNetwork
https://medium.com/@LevelNetwork
https://www.reddit.com/user/LevelNetwork/
https://steemit.com/@levelnet/