Testing antivirus engines to determine their effectiveness as a security layer

Abstract

This research has been undertaken to empirically test the assumption that it is trivial to bypass an antivirus application and to gauge the effectiveness of antivirus engines when faced with a number of known evasion techniques. A known malicious binary was combined with evasion techniques and deployed against several antivirus engines to test their detection ability. The research also documents the process of setting up an environment for testing antivirus engines as well as building the evasion techniques used in the tests. This environment facilitated the empirical testing that was needed to determine if the assumption that antivirus security controls could easily be bypassed. The results of the empirical tests are also presented in this research and demonstrate that it is indeed within reason that an attacker can evade multiple antivirus engines without much effort. As such while an antivirus application is useful for protecting against known threats, it does not work as effectively against unknown threats.

DOI: 10.1109/ISSA.2014.6950496

Extracted Key Phrases

Cite this paper

@article{Haffejee2014TestingAE, title={Testing antivirus engines to determine their effectiveness as a security layer}, author={Jameel Haffejee and Barry Irwin}, journal={2014 Information Security for South Africa}, year={2014}, pages={1-6} }