Title
A study of the relationship between antivirus regressions and label changes.
Abstract
AntiVirus (AV) products use multiple components to detect malware. A component which is found in virtually all AVs is the signature-based detection engine: this component assigns a particular signature label to a malware that the AV detects. In previous analysis [1-3], we observed cases of regressions in several different AVs: i.e. cases where on a particular date a given AV detects a given malware but on a later date the same AV fails to detect the same malware. We studied this aspect further by analyzing the only externally observable behaviors from these AVs, namely whether AV engines detect a malware and what labels they assign to the detected malware. In this paper we present the results of the analysis about the relationship between the changing of the labels with which AV vendors recognize malware and the AV regressions.
Year
2013
DOI
10.1109/ISSRE.2013.6698897
Venue
ISSRE
Keywords
invasive software,program diagnostics,regression analysis,antivirus products,antivirus regressions,label changes,malware detection,signature-based detection engine,antivirus,empirical analysis,intrusion detection,malware,security assessment
Field
Computer security,Computer science,Malware,Intrusion detection system,Security assessment
DocType
Conference
ISSN
1071-9458
Citations
1
PageRank
0.36
References
0
Authors
5
Name
Order
Citations
PageRank
Ilir Gashi117117.20
Bertrand Sobesto2122.71
Stephen Mason310.70
Vladimir Stankovic4546.10
Michel Cukier566854.60