ABSTRACT
This work performs a deep analysis of the behaviour of Anti-Virus (AV) engines regarding Android malware detection. A large dataset with more than 80K APK files, each tagged as malware by one or many AV engines, is used in the analysis. With the help of association rule learning, we show interesting patterns and dependencies between different AV engines.
Index Terms
- POSTER: Insights of Antivirus Relationships when Detecting Android Malware: A Data Analytics Approach