In today's interconnected world, malware, such as worms and viruses, can cause havoc. A malware detector (commonly known as a virus scanner) attempts to identify malware. In spite of the importance of malware detectors, there is a dearth of testing techniques for evaluating them. We present a technique based on program obfuscation for generating tests for malware detectors. Our technique is geared towards evaluating the resilience of malware detectors to various obfuscation transformations commonly used by hackers to disguise malware. We also demonstrate that a hacker can leverage a malware detector's weakness in handling obfuscation transformations and can extract the signature used by a detector for a specific malware. We evaluate three widely-used commercial virus scanners using our techniques and discover that the resilience of these scanners to various obfuscations is very poor.