Article

An Experimental Study of Diversity with Off-the-Shelf AntiVirus Engines

Authors:

Ilir Gashi,

Vladimir Stankovic,

Corrado Leita,

Olivier ThonnardAuthors Info & Claims

NCA '09: Proceedings of the 2009 Eighth IEEE International Symposium on Network Computing and Applications

Pages 4 - 11

https://doi.org/10.1109/NCA.2009.14

Published: 09 July 2009 Publication History

Publisher Site

Abstract

Fault tolerance in the form of diverse redundancy is well known to improve the detection rates for both malicious and non-malicious failures. What is of interest to designers of security protection systems are the actual gains in detection rates that they may give. In this paper we provide exploratory analysis of the potential gains in detection capability from using diverse AntiVirus products for the detection of self-propagating malware. The analysis is based on 1599 malware samples collected by the operation of a distributed honeypot deployment over a period of 178 days. We sent these samples to the signature engines of 32 different AntiVirus products taking advantage of the VirusTotal service. The resulting dataset allowed us to perform analysis of the effects of diversity on the detection capability of these components as well as how their detection capability evolves in time.

Cited By

View all

Min BVaradharajan VTupakula UHitchens M(2014)Antivirus securitySoftware—Practice & Experience10.1002/spe.219744:10(1201-1222)Online publication date: 1-Oct-2014
https://dl.acm.org/doi/10.1002/spe.2197
Kercher KRowe DDennis HArmitage WFriedman RBaker K(2013)Using agent technologies to correlate and compare anti-malware softwareProceedings of the 2nd annual conference on Research in information technology10.1145/2512209.2512212(17-22)Online publication date: 1-Oct-2013
https://dl.acm.org/doi/10.1145/2512209.2512212
Lalonde Levesque FNsiempba JFernandez JChiasson SSomayaji ASadeghi AGligor VYung M(2013)A clinical study of risk factors related to malware infectionsProceedings of the 2013 ACM SIGSAC conference on Computer & communications security10.1145/2508859.2516747(97-108)Online publication date: 4-Nov-2013
https://dl.acm.org/doi/10.1145/2508859.2516747
Show More Cited By

Recommendations

Antivirus security: naked during updates

The security of modern computer systems heavily depends on security tools, especially on antivirus software solutions. In the anti-malware research community, development of techniques for evading detection by antivirus software is an active research ...
Malware detection using adaptive data compression
AISec '08: Proceedings of the 1st ACM workshop on Workshop on AISec

A popular approach in current commercial anti-malware software detects malicious programs by searching in the code of programs for scan strings that are byte sequences indicative of malicious code. The scan strings, also known as the signatures of ...
Antivirus Software Shield Against Antivirus Terminators

In the last several decades, the arms race between malware writers and antivirus programmers has become more and more severe. The simplest way for a computer user to secure his computer is to install antivirus software on his computer. As antivirus ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

NCA '09: Proceedings of the 2009 Eighth IEEE International Symposium on Network Computing and Applications

July 2009

333 pages

ISBN:9780769536989

Publisher

IEEE Computer Society

United States

Publication History

Published: 09 July 2009

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 24 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Min BVaradharajan VTupakula UHitchens M(2014)Antivirus securitySoftware—Practice & Experience10.1002/spe.219744:10(1201-1222)Online publication date: 1-Oct-2014
https://dl.acm.org/doi/10.1002/spe.2197
Kercher KRowe DDennis HArmitage WFriedman RBaker K(2013)Using agent technologies to correlate and compare anti-malware softwareProceedings of the 2nd annual conference on Research in information technology10.1145/2512209.2512212(17-22)Online publication date: 1-Oct-2013
https://dl.acm.org/doi/10.1145/2512209.2512212
Lalonde Levesque FNsiempba JFernandez JChiasson SSomayaji ASadeghi AGligor VYung M(2013)A clinical study of risk factors related to malware infectionsProceedings of the 2013 ACM SIGSAC conference on Computer & communications security10.1145/2508859.2516747(97-108)Online publication date: 4-Nov-2013
https://dl.acm.org/doi/10.1145/2508859.2516747
Gashi ISobesto BStankovic VCukier M(2013)Does Malware Detection Improve with Diverse AntiVirus Products? An Empirical StudyProceedings of the 32nd International Conference on Computer Safety, Reliability, and Security - Volume 815310.1007/978-3-642-40793-2_9(94-105)Online publication date: 24-Sep-2013
https://dl.acm.org/doi/10.1007/978-3-642-40793-2_9

Abstract

Cited By

Recommendations

Antivirus security: naked during updates

Malware detection using adaptive data compression

Antivirus Software Shield Against Antivirus Terminators

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations