Exploiting an antivirus interface

Kevin W. Hamlen, Vishwath Mohan, Mohammad M. Masud, Latifur Khan, Bhavani Thuraisingham

Research output: Contribution to journalArticlepeer-review

24 Citations (Scopus)

Abstract

We propose a technique for defeating signature-based malware detectors by exploiting information disclosed by antivirus interfaces. This information is leveraged to reverse engineer relevant details of the detector's underlying signature database, revealing binary obfuscations that suffice to conceal malware from the detector. Experiments with real malware and antivirus interfaces on Windows operating systems justify the effectiveness of our approach.

Original languageEnglish
Pages (from-to)1182-1189
Number of pages8
JournalComputer Standards and Interfaces
Volume31
Issue number6
DOIs
Publication statusPublished - Nov 2009
Externally publishedYes

Keywords

  • Binary obfuscation
  • Data mining
  • Security
  • Signature-based malware detection

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture
  • Law

Fingerprint

Dive into the research topics of 'Exploiting an antivirus interface'. Together they form a unique fingerprint.

Cite this