Presentation is loading. Please wait.

Presentation is loading. Please wait.

Analyzing Malware Detection Effectiveness with Multiple Anti- Malware Programs Shouhuai Xu UTSA Ravi Sandhu UTSA Jose A. Morales CMU.

Published byJemima Clark Modified over 10 years ago

Similar presentations

Presentation on theme: "Analyzing Malware Detection Effectiveness with Multiple Anti- Malware Programs Shouhuai Xu UTSA Ravi Sandhu UTSA Jose A. Morales CMU."— Presentation transcript:

1 Analyzing Malware Detection Effectiveness with Multiple Anti- Malware Programs Shouhuai Xu CS @ UTSA Ravi Sandhu ICS @ UTSA Jose A. Morales SEI @ CMU

2 Roadmap  Motivation  Experimental Methodology  Experimental Results  Summary

3 Motivation  We all are victims of computer malware.  We all use anti-malware programs.  Most of us, if not all, use a single anti- malware program (for economic reason).

4 Motivation (cont.)  Is one anti-malware program sufficient?  If not, how many?  How critical is it to install anti-malware program in clean state?

5 The Ideal  Ideally, an anti-malware program can detect and clean all malwares in a system (undecidability!)  An anti-malware program C 1 is competent if for every input S=S 0 it holds that after applying C 1, no others can detect any more malware.  Caveat: What is the ground truth?

6 The Reality  The above idea can be extended to multiple programs that work collectively.  Incompetence can be caused by  Incompetent detection  Incompetent cleaning up

7 Experiment 1: Install Anti-Malware Programs in Clean State Caveat: some malware may not do bad things until after running for more than 3 minutes or upon detecting the presence of VM

8 Experiment 2: Install Anti-Malware Programs in Possibly Compromised State Caveat: some malware may not do bad things until after running for more than 3 minutes or upon detecting the presence of VM

9 Experiments Setup  Tested two sets of 3 anti-malware programs:  1 st set: ESET, AVG, Zonealarm  2 nd set: Kaspersky, G-data, Bitdefender  Tested all permutations of each set: 3!=6  Experiments c arried out in Vmware  Running Windows 7 OS freshly installed to assure clean-state environment

10 Experiments Setup (cont.)  500 malware samples  worms, rootkits, bots, backdoors, password stealers, malware downloaders

11 Experimental Results Among the 500 malwares, the numbers of malwares detected & cleaned by the anti-malware programs.  Using multiple anti-malware programs does increase detection and cleaning up capability, despite some kind of diminishing return  Sometimes 3 anti-malware programs may not be sufficient (need to be verified by 4 th anti-malware program)

12 Experimental Results Among the 500 malwares, the numbers of malwares detected & cleaned by the anti-malware programs.  Make sure anti-malware program installed in clean state  Anti-malware program installed in already compromised systems have high false- negatives  Tested anti-malware progams seem to lack a self-defense mechanisms  Malware running in a system may block access to resources needed by anti-malware

13 How Many Anti-Malware Tools Are Sufficient?  Based on experimental results (based on 500 malware samples only):  1 is occasionally ok  2 minimum for low protection  3+ for medium+ protection

14 Summary  Current individual anti-malware programs do not provide sufficient protection  Despite some anti-malware programs worked well with the 500 malware samples  Using multiple anti-malware programs together can improve protection  Need to test with much larger malware sets

15 The Challenge  Implication: Current anti-malware technology is not sufficient  We need revolutionary technology in combating malware  We have to  How?  Things can be worse: Our another study showed that there are malwares that can evade perhaps all anti-malware programs

16 Thanks! Questions or Comments?

Download ppt "Analyzing Malware Detection Effectiveness with Multiple Anti- Malware Programs Shouhuai Xu UTSA Ravi Sandhu UTSA Jose A. Morales CMU."

Similar presentations

Analyzing DNS Activities of Bot Processes Dr. Jose Andre Morales Areej Al-Bataineh Dr. Shouhuai Xu Dr.Ravi Sandhu 4th International Conference on Malicious.

Analyzing DNS Activities of Bot Processes Dr. Jose Andre Morales Areej Al-Bataineh Dr. Shouhuai Xu Dr.Ravi Sandhu 4th International Conference on Malicious.
Meaning Spyware is a type of malware that can be installed on computers, and which collects small pieces of information about users without their knowledge.

Meaning Spyware is a type of malware that can be installed on computers, and which collects small pieces of information about users without their knowledge.
Reuel A. Morales (Sr. Security Analyst, APAC-RTL) 04.29.2008 APAC RTL Clean Tool v5.0 Solution.

Reuel A. Morales (Sr. Security Analyst, APAC-RTL) APAC RTL Clean Tool v5.0 Solution.
A Comprehensive Study for RFID Malwares on Mobile Devices TBD.

A Comprehensive Study for RFID Malwares on Mobile Devices TBD.
UNCLASSIFIED © 2011 Carnegie Mellon University Building Malware Infection Trees Jose Andre Morales 1, Michael Main 2, Weilang Luo 3, Shouhuai Xu 2,3, Ravi.

UNCLASSIFIED © 2011 Carnegie Mellon University Building Malware Infection Trees Jose Andre Morales 1, Michael Main 2, Weilang Luo 3, Shouhuai Xu 2,3, Ravi.
Analyzing Malware Detection Efficiency with Multiple Anti-Malware Programs Dr. Jose A. Morales – Software Engineering Institute, Carnegie Mellon University.

Analyzing Malware Detection Efficiency with Multiple Anti-Malware Programs Dr. Jose A. Morales – Software Engineering Institute, Carnegie Mellon University.
Warren Toomey North Coast TAFE Port Macquarie campus

Warren Toomey North Coast TAFE Port Macquarie campus
By Joshua T. I. Towers. 13.3 $13.3 billion was the direct cost of malware for business in 2006 “direct costs are defined as labor costs to analyze, repair.

By Joshua T. I. Towers $13.3 billion was the direct cost of malware for business in 2006 “direct costs are defined as labor costs to analyze, repair.
What Is Malwarebytes? Malwarebytes is a free anti- malware program. Anti-malware programs are specifically designed to find and remove malware on your.

What Is Malwarebytes? Malwarebytes is a free anti- malware program. Anti-malware programs are specifically designed to find and remove malware on your.
DiscussionCS-502 Fall 20061 Class Discussion Peterson’s Solution for n > 2.

DiscussionCS-502 Fall Class Discussion Peterson’s Solution for n > 2.
Viruses, Hacking, and AntiVirus. What is a Virus? A type of Malware – Malware is short for malicious software A virus – a computer program – Can replicate.

Viruses, Hacking, and AntiVirus. What is a Virus? A type of Malware – Malware is short for malicious software A virus – a computer program – Can replicate.
EICAR 2009, 12 May 2009 Checkvir Realtime Anti-Malware Testing and Certification Dr. Ferenc Leitold, Veszprog Ltd.

EICAR 2009, 12 May 2009 Checkvir Realtime Anti-Malware Testing and Certification Dr. Ferenc Leitold, Veszprog Ltd.
VMWare Workstation Installation. Starting Vmware Workstation Go to the start menu and start the VMware Workstation program. *Note: The following instructions.

VMWare Workstation Installation. Starting Vmware Workstation Go to the start menu and start the VMware Workstation program. *Note: The following instructions.
Evaluating Detection & Treatment Effectiveness of Commercial Anti-Malware Programs Jose Andre Morales, Ravi Sandhu, Shouhuai Xu Institute for Cyber Security.

Evaluating Detection & Treatment Effectiveness of Commercial Anti-Malware Programs Jose Andre Morales, Ravi Sandhu, Shouhuai Xu Institute for Cyber Security.
Protecting Your Computer & Your Information

Protecting Your Computer & Your Information
Introduction Overview Static analysis Memory analysis Kernel integrity checking Implementation and evaluation Limitations and future work Conclusions.

Introduction Overview Static analysis Memory analysis Kernel integrity checking Implementation and evaluation Limitations and future work Conclusions.
Malware Adware Removal Best Free Malware Virus Protection Best Free Malware Adware Removal Service Best free Anti Spyware Removal Service Best free Trojan.

Malware Adware Removal Best Free Malware Virus Protection Best Free Malware Adware Removal Service Best free Anti Spyware Removal Service Best free Trojan.
Administrator Protect against Malware by: Brittany Slisher and Gary Asciutto.

Administrator Protect against Malware by: Brittany Slisher and Gary Asciutto.
The Semantic Gap Challenge Stealthy Malware Detection Through VMM-Based “Out-of-the-Box” Semantic View Reconstruction November 2007 ACM: Association for.

The Semantic Gap Challenge Stealthy Malware Detection Through VMM-Based “Out-of-the-Box” Semantic View Reconstruction November 2007 ACM: Association for.
Stealthy Malware Detection Through VMM-based “Out-of-the-Box” Semantic View Reconstruction CCS’07, Alexandria, VA, Oct 29 – Nov 2, 2007 Xuxian Jiang, Xinyuan.

Stealthy Malware Detection Through VMM-based “Out-of-the-Box” Semantic View Reconstruction CCS’07, Alexandria, VA, Oct 29 – Nov 2, 2007 Xuxian Jiang, Xinyuan.

Similar presentations

Ads by Google