Extended abstract: Toward systematically exploring antivirus engines

Davide Quarta*, Federico Salvioni, Andrea Continella, Stefano Zanero

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution > Academic > peer-review

8 Citations (Scopus)

Abstract

While several works have tested the resilience of antiviruses (AVs) to obfuscation techniques, no work has studied AVs by looking at the big picture, that is, including their modern components (e.g., emulators, heuristics). As a matter of fact, it is still unclear how AVs work internally. In this paper, we investigate the current state of AVs by proposing a methodology to explore AVs' capabilities in a black-box fashion. First, we craft samples that trigger specific components in an AV engine, and then we leverage their detection outcome and label as a side channel to infer how such components work. To do this, we developed a framework, crAVe, to automatically test and explore the capabilities of generic AV engines. Finally, we tested and explored commercial AVs and obtained interesting insights into how they leverage their internal components.

Original language: English
Title of host publication: Detection of Intrusions and Malware, and Vulnerability Assessment - 15th International Conference, DIMVA 2018, Proceedings
Editors: Cristiano Giuffrida, Sebastien Bardin, Gregory Blanc
Publisher: Springer
Pages: 393-403
Number of pages: 11
ISBN (Print): 9783319934105
DOIs
Publication status: Published - 1 Jan 2018
Externally published: Yes
Event: 15th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2018 - Saclay, France
Duration: 28 Jun 2018 - 29 Jun 2018
Conference number: 15

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 10885 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 15th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2018
Abbreviated title: DIMVA 2018
Country/Territory: France
City: Saclay
Period: 28/06/18 - 29/06/18
