Testing antivirus engines to determine their effectiveness as a security layer
This research was undertaken to empirically test the assumption that bypassing an antivirus application is trivial, and to gauge how effective antivirus engines are when faced with a number of known evasion techniques. A known malicious binary was combined with each evasion technique and the resulting variants were deployed against several antivirus engines to measure their detection ability. The research also documents the process of setting up an environment for testing antivirus engines and of building the evasion techniques used in the tests. This environment facilitated the empirical testing needed to determine whether the assumption that antivirus security controls can easily be bypassed holds. The results of the empirical tests are presented and demonstrate that an attacker can, within reason, evade multiple antivirus engines without much effort. While an antivirus application therefore remains useful for protecting against known threats, it is far less effective against unknown threats.
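The test matrix the abstract describes (one known sample, several evasion transformations, several engines, a detection result per cell) can be reproduced in miniature. The following is an added example, not the thesis's own harness or any of its evasion techniques: the "known" sample is the standard EICAR test string, which is harmless and is flagged by signature, the transformations are deliberately simple (base64 wrapping, single-byte XOR, splitting the signature with a newline), and the engines are a toy byte-signature matcher plus an optional hook that calls a locally installed `clamscan` if one is present. Function and variant names are this example's own.

```python
"""Minimal antivirus-evasion test matrix (added example, not the thesis's code).

A known sample is combined with several transformations and every variant is
run through every scanner; the result is a detection matrix from which the
engines that missed a given variant can be read off.
"""
import base64
import shutil
import subprocess
import tempfile
from typing import Callable, Dict, Iterable, List

# Standard EICAR antivirus test string: harmless, but flagged by signature.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# A scanner takes raw file bytes and returns True when it flags them.
Scanner = Callable[[bytes], bool]


def xor_encode(data: bytes, key: int) -> bytes:
    """Single-byte XOR: the simplest 'crypter'-style transformation (self-inverse)."""
    return bytes(b ^ key for b in data)


def build_variants(sample: bytes) -> Dict[str, bytes]:
    """Combine the sample with each evasion transformation under test (hypothetical set)."""
    half = len(sample) // 2
    return {
        "plain": sample,                                   # control: untouched sample
        "base64": base64.b64encode(sample),                # encoded, no raw signature bytes
        "xor-0x41": xor_encode(sample, 0x41),              # every byte changed
        "split": sample[:half] + b"\n" + sample[half:],    # signature broken in two
    }


def signature_scanner(signatures: Iterable[bytes]) -> Scanner:
    """Toy engine: flags a file iff some raw byte signature occurs in it."""
    sigs = list(signatures)

    def scan(data: bytes) -> bool:
        return any(sig in data for sig in sigs)

    return scan


def clamscan_engine(data: bytes) -> bool:
    """Hook for a real engine: clamscan exits 1 when it flags the file, 0 when clean."""
    with tempfile.NamedTemporaryFile(suffix=".bin") as f:
        f.write(data)
        f.flush()
        rc = subprocess.run(["clamscan", "--no-summary", f.name],
                            capture_output=True).returncode
    return rc == 1


def run_matrix(engines: Dict[str, Scanner],
               variants: Dict[str, bytes]) -> Dict[str, Dict[str, bool]]:
    """Detection matrix: engine name -> variant name -> flagged?"""
    return {name: {v: scan(blob) for v, blob in variants.items()}
            for name, scan in engines.items()}


def evaded(matrix: Dict[str, Dict[str, bool]], variant: str) -> List[str]:
    """Names of the engines that missed the given variant."""
    return [engine for engine, row in matrix.items() if not row[variant]]


if __name__ == "__main__":
    engines: Dict[str, Scanner] = {
        "toy-signature": signature_scanner([b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"]),
    }
    if shutil.which("clamscan"):          # only used when a real engine is installed
        engines["clamav"] = clamscan_engine
    matrix = run_matrix(engines, build_variants(EICAR))
    for engine, row in matrix.items():
        print(engine, {v: ("HIT" if hit else "miss") for v, hit in row.items()})
```

The toy engine flags only the plain variant; every transformed copy passes, which is the failure mode the abstract reports for signature-driven detection. Adding further scanners is a matter of supplying another callable, so the same matrix can be pointed at several installed engines without changing the rest of the harness.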