Abstract | ||
---|---|---|
AntiVirus (AV) products use multiple components to detect malware. A component which is found in virtually all AVs is the signature-based detection engine: this component assigns a particular signature label to a malware that the AV detects. In previous analysis [1-3], we observed cases of regressions in several different AVs: i.e. cases where on a particular date a given AV detects a given malware but on a later date the same AV fails to detect the same malware. We studied this aspect further by analyzing the only externally observable behaviors from these AVs, namely whether AV engines detect a malware and what labels they assign to the detected malware. In this paper we present the results of the analysis about the relationship between the changing of the labels with which AV vendors recognize malware and the AV regressions. |
Year | DOI | Venue |
---|---|---|
2013 | 10.1109/ISSRE.2013.6698897 | ISSRE |
Keywords | Field | DocType |
invasive software,program diagnostics,regression analysis,antivirus products,antivirus regressions,label changes,malware detection,signature-based detection engine,antivirus,empirical analysis,intrusion detection,malware,security assessment | Computer security,Computer science,Malware,Intrusion detection system,Security assessment | Conference |
ISSN | Citations | PageRank |
1071-9458 | 1 | 0.36 |
References | Authors | |
0 | 5 |
Name | Order | Citations | PageRank |
---|---|---|---|
Ilir Gashi | 1 | 171 | 17.20 |
Bertrand Sobesto | 2 | 12 | 2.71 |
Stephen Mason | 3 | 1 | 0.70 |
Vladimir Stankovic | 4 | 54 | 6.10 |
Michel Cukier | 5 | 668 | 54.60 |