City Research Online

Does Malware Detection Improve With Diverse AntiVirus Products? An Empirical Study

Cukier, M., Gashi, I., Sobesto, B. and Stankovic, V. (2013). Does Malware Detection Improve With Diverse AntiVirus Products? An Empirical Study. Paper presented at the 32nd International Conference on Computer Safety, Reliability and Security (SAFECOMP), 24- - 27 September 2013, Toulouse, France.

Abstract

We present results of an empirical study to evaluate the detection ca-pability of diverse AntiVirus products (AVs). We used malware samples collected in a geographically distributed honeypot deployment in several different countries and organizations. The malware was collected in August 2012: the results are relevant to recent and current threats observed in the internet. We sent these malware to 42 AVs available from the VirusTotal service to evaluate the benefits in detection from using more than one AV. We then compare these findings with similar ones performed in the past to evaluate diversity with AVs. In general we found that the new findings are consistent with previous ones, despite some differences. This study provides additional evidence that detection capabilities are improved by diversity with AVs.

Publication Type: Conference or Workshop Item (Paper)
Subjects: Q Science > QA Mathematics > QA76 Computer software
Departments: School of Mathematics, Computer Science & Engineering > Computer Science > Software Reliability
URI: http://openaccess.city.ac.uk/id/eprint/2338
[img]
Preview
Text - Accepted Version
Download (486kB) | Preview

Export

Downloads

Downloads per month over past year

View more statistics

Actions (login required)

Admin Login Admin Login