Making with Milvus: Detecting Android Viruses in Real Time for Trend Micro

Cybersecurity is a growing concern, with 86% of companies expressing data privacy concerns in 2020. Trend Micro, a global leader in hybrid cloud security, has developed an Android virus detection system called Trend Micro Mobile Security to protect users from malware. The system compares APKs (Android application packages) from the Google Play Store with a database of known malware using similarity search. Initially, Trend Micro used MySQL for its virus detection system but quickly outgrew it as the number of APKs with nefarious code in its database increased. Trend Micro then began searching for alternative vector similarity search solutions and eventually chose Milvus, an open-source vector database created by Zilliz. Milvus is highly flexible, reliable, and fast, offering a comprehensive set of intuitive APIs that allow developers to choose the ideal index type for their scenario. It also provides distributed solutions and monitoring services. Trend Micro's mobile security system uses Thash values to differentiate APKs and Thash values for vector similarity retrieval. Milvus is used to conduct instantaneous vector similarity search on massive vector datasets converted from Thash values, with corresponding Sha256 values queried in MySQL. The system architecture also includes a Redis caching layer to map Thash values to Sha256 values, significantly reducing query time. The monitoring and alert system for Trend Micro's mobile security system is compatible with Prometheus and uses Grafana to visualize various performance metrics. With the help of Milvus, the system performance was able to meet the performance criteria set by Trend Micro.