Abstract
The continuous development of evolving malware types creates a need to study and understand how antivirus products detect threats and alert the user. This paper investigates today's antivirus solutions and how their false positive alerts affect the software development and distribution process, which in the long term could even lead to loss of business. It discusses and demonstrates how antivirus detection deals with bespoke applications and how this can be reversed and manipulated to evade detection, allowing it to be used by malicious software developers. The paper also presents ideas that would enable antivirus products to overcome these detection issues without altering their detection engines but by focusing on the developer's source code submission. The potential lack of essential and, in most cases, obvious steps in malicious software detection is also examined. The paper concludes that the inconsistencies between different antivirus detection engines, along with the introduction of reputation-based detection, allow more sophisticated and undetectable malicious software to be created and spread.
| Field | Value |
|---|---|
| Original language | English |
| Title of host publication | European Conference on Information Warfare and Security, ECCWS |
| Pages | 70-80 |
| Number of pages | 11 |
| Publication status | Published - 2013 |
| Event | 12th European Conference on Information Warfare and Security 2013, ECIW 2013 - Jyvaskyla, Finland |
| Duration | 11 Jul 2013 → 12 Jul 2013 |
Conference
| Field | Value |
|---|---|
| Conference | 12th European Conference on Information Warfare and Security 2013, ECIW 2013 |
| Country/Territory | Finland |
| City | Jyvaskyla |
| Period | 11/07/13 → 12/07/13 |
Keywords
- Antivirus
- APT
- EMEA
- False positive alerts
- Malware
- Reputation systems
- Software