University of Hertfordshire

The issues of software being classified as malicious by antivirus false positive alerts

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Original language: English
Title of host publication: European Conference on Information Warfare and Security, ECCWS
Pages: 70-80
Number of pages: 11
Publication status: Published - 2013
Event: 12th European Conference on Information Warfare and Security 2013, ECIW 2013 - Jyvaskyla, Finland
Duration: 11 Jul 2013 → 12 Jul 2013

Conference

Conference: 12th European Conference on Information Warfare and Security 2013, ECIW 2013
Country: Finland
City: Jyvaskyla
Period: 11/07/13 → 12/07/13

Abstract

The continuous development of evolving malware types creates a need to study and understand how antivirus products detect and alert the user. This paper investigates today's antivirus solutions and how their false positive alerts affect the software development and distribution process, which in the long term could even lead to loss of business. It discusses and demonstrates how antivirus detection deals with bespoke applications and how this can be reversed and manipulated to evade detection, allowing it to be used by malicious software developers. The paper also presents ideas that would enable antivirus products to overcome these detection issues without altering their detection engines, by focusing instead on the developer's source code submission. The potential lack of essential and, in most cases, obvious steps in malicious software detection is also examined. The paper concludes that the inconsistencies between different antivirus detection engines, along with the introduction of reputation-based detection, allow more sophisticated and undetectable malicious software to be created and spread.

ID: 9587906