Exploiting an antivirus interface

Authors:
Kevin W. Hamlen;Vishwath Mohan;Mohammad M. Masud;Latifur Khan;Bhavani Thuraisingham
Affiliations:
Computer Science Department, University of Texas at Dallas, 800 W. Campbell Rd., Richardson, Texas 75080, USA;Computer Science Department, University of Texas at Dallas, 800 W. Campbell Rd., Richardson, Texas 75080, USA;Computer Science Department, University of Texas at Dallas, 800 W. Campbell Rd., Richardson, Texas 75080, USA;Computer Science Department, University of Texas at Dallas, 800 W. Campbell Rd., Richardson, Texas 75080, USA;Computer Science Department, University of Texas at Dallas, 800 W. Campbell Rd., Richardson, Texas 75080, USA
Venue:
Computer Standards & Interfaces
Year:
2009

Citing 17
Cited 4

Instance-Based Learning Algorithms

Machine Learning
A training algorithm for optimal margin classifiers

COLT '92 Proceedings of the fifth annual workshop on Computational learning theory
C4.5: programs for machine learning

C4.5: programs for machine learning
Machine learning of rules and trees

Machine learning, neural and statistical classification
Support-Vector Networks

Machine Learning
Computer virus-antivirus coevolution

Communications of the ACM
Machine Learning

Machine Learning
Data Mining Methods for Detection of New Malicious Executables

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Testing malware detectors

ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
Learning to detect malicious executables in the wild

Proceedings of the tenth ACM SIGKDD international conference on Knowledge discovery and data mining
The Art of Computer Virus Research and Defense

The Art of Computer Virus Research and Defense
Data Structures and Algorithms in Java

Data Structures and Algorithms in Java
Normalizing Metamorphic Malware Using Term Rewriting

SCAM '06 Proceedings of the Sixth IEEE International Workshop on Source Code Analysis and Manipulation
Data Mining: Practical Machine Learning Tools and Techniques, Second Edition (Morgan Kaufmann Series in Data Management Systems)

Data Mining: Practical Machine Learning Tools and Techniques, Second Edition (Morgan Kaufmann Series in Data Management Systems)
Code Normalization for Self-Mutating Malware

IEEE Security and Privacy
A scalable multi-level feature extraction technique to detect malicious executables

Information Systems Frontiers
Polymorphic worm detection using structural information of executables

RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection

An online cross view difference and behavior based kernel rootkit detector

ACM SIGSOFT Software Engineering Notes
Cloud-based malware detection for evolving data streams

ACM Transactions on Management Information Systems (TMIS)
Aspect-Oriented runtime monitor certification

TACAS'12 Proceedings of the 18th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Design and Implementation of a Data Mining System for Malware Detection

Journal of Integrated Design & Process Science

Quantified Score

Hi-index	0.00

Visualization

Abstract

We propose a technique for defeating signature-based malware detectors by exploiting information disclosed by antivirus interfaces. This information is leveraged to reverse engineer relevant details of the detector's underlying signature database, revealing binary obfuscations that suffice to conceal malware from the detector. Experiments with real malware and antivirus interfaces on Windows operating systems justify the effectiveness of our approach.