Internet Archive Scholar

Diversity for Security: A Study with Off-the-Shelf AntiVirus Engines

Peter Bishop, Robin Bloomfield, Ilir Gashi, Vladimir Stankovic
2011 2011 IEEE 22nd International Symposium on Software Reliability Engineering  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (729.7 kB)
https://web.archive.org/web/20180721145849/http://openaccess.city.ac.uk/524/2/ISSRE11_AV_Diversity.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2018; you can also visit the original URL. The file type is application/pdf.

We have previously reported [1] the results of an exploratory analysis of the potential gains in detection capability from using diverse AntiVirus products. The analysis was based on 1599 malware samples collected from a distributed honeypot deployment over a period of 178 days. The malware samples were sent to the signature engines of 32 different AntiVirus products hosted by the VirusTotal service. The analysis suggested significant gains in detection capability from using more than one
more » ... rus product in a one-out-oftwo intrusion-tolerant setup. In this paper we present new analysis of this dataset to explore the detection gains that can be achieved from using more diversity (i.e. more than two AntiVirus products), how diversity may help to reduce the "at risk time" of a system and a preliminary model-fitting using the hyper-exponential distribution.
doi:10.1109/issre.2011.15 dblp:conf/issre/BishopBGS11 fatcat:phahjgzw5vhufajxydvtsgnake
Citation

Peter Bishop, Robin Bloomfield, Ilir Gashi, Vladimir Stankovic. "Diversity for Security: A Study with Off-the-Shelf AntiVirus Engines." 2011 IEEE 22nd International Symposium on Software Reliability Engineering (2011) 11-19