Exploiting an antivirus interface |
| |
Authors: | Kevin W Vishwath Mohammad M Latifur Bhavani |
| |
Affiliation: | Computer Science Department, University of Texas at Dallas, 800 W. Campbell Rd., Richardson, Texas 75080, USA |
| |
Abstract: | We propose a technique for defeating signature-based malware detectors by exploiting information disclosed by antivirus interfaces. This information is leveraged to reverse engineer relevant details of the detector's underlying signature database, revealing binary obfuscations that suffice to conceal malware from the detector. Experiments with real malware and antivirus interfaces on Windows operating systems justify the effectiveness of our approach. |
| |
Keywords: | Security; Signature-based malware detection; Data mining; Binary obfuscation |
This article has been indexed by ScienceDirect and other databases! |