Abstract
We present results of an empirical study to evaluate the detection capability of diverse AntiVirus products (AVs). We used malware samples collected in a geographically distributed honeypot deployment in several different countries and organizations. The malware was collected in August 2012: the results are relevant to recent and current threats observed in the Internet. We sent these malware to 42 AVs available from the VirusTotal service to evaluate the benefits in detection from using more than one AV. We then compare these findings with similar ones performed in the past to evaluate effectiveness of diversity with AVs. In general we found that the new findings are consistent with previous ones, despite some differences. This study provides additional evidence that detection capabilities are improved by diversity with AVs.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
van der Meulen, M.J.P., Riddle, S., Strigini, L., Jefferson, N.: Protective Wrapping of Off-the-Shelf Components. In: Franch, X., Port, D. (eds.) ICCBSS 2005. LNCS, vol. 3412, pp. 168–177. Springer, Heidelberg (2005)
Strigini, L.: Fault Tolerance against Design Faults. In: Diab, H., Zomaya, A. (eds.) Dependable Computing Systems: Paradigms, Performance Issues, and Applications, pp. 213–241. J. Wiley & Sons (2005)
Oberheide, J., Cooke, E., Jahanian, F.: Cloudav: N-Version Antivirus in the Network Cloud. In: The 17th USENIX Security Symposium, pp. 91–106 (2008)
GFi. Gfimaildefence Suite, http://www.gfi.com/maildefense/ (last checked 2013)
VirusTotal. Virustotal - a Service for Analysing Suspicious Files, http://www.virustotal.com/sobre.html (last checked 2013)
Bishop, P., Bloomfield, R., Gashi, I., Stankovic, V.: Diversity for Security: A Study with Off-the-Shelf Antivirus Engines. In: The 22nd IEEE International Symposium on Software Reliability Engineering (ISSRE 2011), pp. 11–19 (2011)
Bishop, P.G., Bloomfield, R.E., Gashi, I., Stankovic, V.: Diverse Protection Systems for Improving Security: A Study with Antivirus Engines. City University London, London (2012)
Gashi, I., Leita, C., Thonnard, O., Stankovic, V.: An Experimental Study of Diversity with Off-the-Shelf Antivirus Engines. In: The 8th IEEE Int. Symp. on Network Computing and Applications (NCA 2009), pp. 4–11 (2009)
Schneider, F.: Blueprint for a Science of Cybersecurity. The Next Wave 19(2), 47–57 (2012)
Sukwong, O., Kim, H.S., Hoe, J.C.: Commercial Antivirus Software Effectiveness: An Empirical Study. IEEE Computer 44(3), 63–70 (2011)
Cukier, M., Gashi, I., Sobesto, B., Stankovic, V.: Technical report: Does Malware Detection Improve with Diverse Antivirus Products? An Empirical Study (2013), http://www.csr.city.ac.uk/people/ilir.gashi/SAFECOMP2013/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gashi, I., Sobesto, B., Stankovic, V., Cukier, M. (2013). Does Malware Detection Improve with Diverse AntiVirus Products? An Empirical Study. In: Bitsch, F., Guiochet, J., Kaâniche, M. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2013. Lecture Notes in Computer Science, vol 8153. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40793-2_9
Download citation
DOI: https://doi.org/10.1007/978-3-642-40793-2_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40792-5
Online ISBN: 978-3-642-40793-2
eBook Packages: Computer ScienceComputer Science (R0)