Kellie Kercher
Dale C. Rowe
ABSTRACT
Malware is a fast growing threat that consists of software used to disrupt, or impact the confidentiality, availability or integrity of a user's computer experience. Antivirus software can help protect a user against these threats. There are numerous vendors users can choose from for their antivirus protection, each with their own set of virus definitions and various resources that are capable of recognizing new threats. However, there is no established system or process to measure and display data on the performance of antivirus vendors to new malware over an ongoing time period in real time. Such a mechanism would better inform end users of their security options in addition to informing organizations of prevalent threats occurring in networks. In this paper, we propose a cloud sourced malware reporting system that uses distributed agents to assess the performance of antivirus software based on malware signatures.
- "2013 Trustwave Global Security Report." Accessed April 13, 2013. https://www2.trustwave.com/2013GSR-TY.html?aliId=1417176.Google Scholar
- "AV-TEST - The Independent IT-Security Institute: Test Procedures." Accessed April 13, 2013. http://www.av-test.org/en/test-procedures/.Google Scholar
- Aycock, John. Computer Viruses and Malware. Springer, 2006. Google ScholarDigital Library
- Cambridge, Rodney D. "Method and System for Bi-directional Updating of Antivirus Database," July 18, 2006. http://www.google.com/patents?id=OaB6AAAAEBAJ.Google Scholar
- "Comparatives||tests - Reviews - Reports." Accessed April 13, 2013. http://av-comparatives.org/comparativesreviews.Google Scholar
- Garuba, M., Chunmei Liu, and N. Washington. "A Comparative Analysis of Anti-Malware Software, Patch Management, and Host-Based Firewalls in Preventing Malware Infections on Client Computers." In Fifth International Conference on Information Technology: New Generations, 2008. ITNG 2008, 628--632, 2008. doi:10.1109/ITNG.2008.233. Google ScholarDigital Library
- Gashi, I., V. Stankovic, C. Leita, and O. Thonnard. "An Experimental Study of Diversity with Off-the-Shelf AntiVirus Engines." In Eighth IEEE International Symposium on Network Computing and Applications, 2009. NCA 2009, 4--11, 2009. doi:10.1109/NCA.2009.14. Google ScholarDigital Library
- Hodges, Vernon, and Shawn O'Donnell. "Method and System for Providing Automated Updating and Upgrading of ...," March 7, 2000. http://www.google.com/patents?id=TGEDAAAAEBAJ.Google Scholar
- "Internet Security Threat Report." Accessed April 13, 2013. http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_2011_21239364.en-us.pdf.Google Scholar
- Lee, Rob. "Is Anti-Virus Really Dead? A Real-World Simulation Created for Forensic Data Yields Surprising Results" Computer Forensics and Incident Response. Blog, April 9, 2012. http://computer-forensics.sans.org/blog/2012/04/09/is-anti-virus-really-dead-a-real-world-simulation-created-for-forensic-data-yields-surprising-results.Google Scholar
- Maggi, Federico, Andrea Bellini, Guido Salvaneschi, and Stefano Zanero. "Finding Non-trivial Malware Naming Inconsistencies." In Information Systems Security, 144--159. Springer, 2011. http://link.springer.com/chapter/10.1007/978--3--642--25560--1_10. Google ScholarDigital Library
- Mamaghani, Farrokh. "Evaluation and Selection of an Antivirus and Content Filtering Software." Information Management & Computer Security 10, no. 1 (March 1, 2002): 28--32. doi:10.1108/09685220210417481.Google ScholarCross Ref
- Oberheide, J., E. Cooke, and F. Jahanian. "Rethinking Antivirus: Executable Analysis in the Network Cloud." In 2nd USENIX Workshop on Hot Topics in Security (HotSec 2007), 2007. http://www.usenix.org/event/hotsec07/tech/full_papers/oberheide/oberheide_html/. Google ScholarDigital Library
- Pikoulas, J., W. Buchanan, M. Mannion, and K. Triantafyllopoulos. "An Intelligent Agent Security Intrusion System." In Engineering of Computer-Based Systems, 2002. Proceedings. Ninth Annual IEEE International Conference and Workshop on The, 94--99, 2002. doi:10.1109/ECBS.2002.999827. Google ScholarDigital Library
- Posey, Brien. "Microsoft Exchange Server Security Dos and Don'ts" TechTarget. SearchExchange. Accessed March 18, 2013. http://searchexchange.techtarget.com/feature/Microsoft-Exchange-Server-security-dos-and-donts.Google Scholar
- Sanok, Jr., Daniel J. "An Analysis of How Antivirus Methodologies Are Utilized in Protecting Computers from Malicious Code." In Proceedings of the 2nd Annual Conference on Information Security Curriculum Development, 142--144. InfoSecCD '05. New York, NY, USA: ACM, 2005. doi:10.1145/1107622.1107655. Google ScholarDigital Library
- Sukwong, Orathai, Hyong S. Kim, and James C. Hoe. "Despite the Widespread Use of Antivirus Software, Malware Remains Pervasive. A New Study Compares the Effectiveness of Six Commercial AV Products." Accessed April 13, 2013. http://theone.ece.cmu.edu/papers/94.commercial.2011.compmag.pdf.Google Scholar
- Sycara, K., A. Pannu, M. Willamson, Dajun Zeng, and K. Decker. "Distributed Intelligent Agents." IEEE Expert 11, no. 6 (December 1996): 36--46. doi:10.1109/64.546581. Google ScholarDigital Library
- Tian, Ronghua. An Integrated Malware Detection and Classification System. Deakin University. (2011). Accessed April 24, 2013. http://dro.deakin.edu.au/view/DU:30043244.Google Scholar
- "Why one virus engine is not enough." Accessed April 13, 2013. http://www.gfi.com/whitepapers/why-one-virus-engine-is-not-enough.pdf.Google Scholar
Index Terms
- Using agent technologies to correlate and compare anti-malware software
Recommendations
Effectiveness of Android Obfuscation on Evading Anti-malware
CODASPY '18: Proceedings of the Eighth ACM Conference on Data and Application Security and PrivacyObfuscation techniques have been conventionally used for legitimate applications, including preventing application reverse engineering, tampering and protecting intellectual property. A malware author could also leverage these benign techniques to hide ...
Automatically Inferring Malware Signatures for Anti-Virus Assisted Attacks
ASIA CCS '17: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications SecurityAlthough anti-virus software has significantly evolved over the last decade, classic signature matching based on byte patterns is still a prevalent concept for identifying security threats. Anti-virus signatures are a simple and fast detection mechanism ...
The Next Malware Battleground: Recovery After Unknown Infection
Malware has become a natural aspect of Internet computing due to the imperfectness of systems that identify malware and prevent their installation. Our ability to control the volume of unwanted and malicious traffic on the Internet—the spam messages, ...
Comments