Diverse protection systems for improving security: a study with AntiVirus engines

Bishop, P. G., Bloomfield, R. E., Gashi, I. & Stankovic, V. (2012). Diverse protection systems for improving security: a study with AntiVirus engines. London, UK: City University London.

Abstract

Diverse “barriers” or “protection systems” are very common in many industries, especially in safety-critical ones where the designers must use “defense in depth” techniques to prevent safety failures. Similar techniques are also commonly prescribed for security systems: using multiple, diverse detection systems to prevent security breaches. However, empirical evidence of the effectiveness of diversity is rare. We present results of an empirical study which uses a large-scale dataset to assess the benefits of diversity with an important category of security systems: AntiVirus products. The analysis was based on 1599 malware samples collected from a distributed honeypot deployment over a period of 178 days. The malware samples were sent to the signature engines of 32 different AntiVirus products hosted by the VirusTotal service. We also present an exploratory model which shows that the number of diverse protection layers that are needed to achieve “perfect” detection with our dataset follows an exponential power-law distribution. If this distribution is shown to be generic with other datasets, it would be a cost-effective means for predicting the probability of perfect detection for systems that use a large number of barriers based on measurements made with systems that are composed of fewer (say 2, 3) barriers.

Item Type: Report
Uncontrolled Keywords: Fault-tolerance, security and privacy protection, security assessment, Anti-virus engines, empirical assessment
Subjects: Q Science > QA Mathematics > QA76 Computer software
Divisions: School of Informatics > Centre for Software Reliability
URI: http://openaccess.city.ac.uk/id/eprint/1526
