Antivirus technologies might not be on their last legs, but they could use a second wind, security researchers say.
According to a report published recently by researchers at the University of Michigan’s Electrical Engineering and Computer Science Department and network security company Arbor Networks, antivirus products are inconsistent at best when it comes to identifying attacks such as worms, phishing and botnets. The report is called “Automated Classification and Analysis of Internet Malware.”
“Using a large, recent collection of malware that spans a variety of attack vectors (e.g., spyware, worms, spam), we show that different AV products characterize malware in ways that are inconsistent across AV products, incomplete across malware, and that fail to be concise in their semantics,” the report says.
The report shows that host-based antivirus techniques failed to “detect or provide labels for between 20 and 62 percent of the malware samples.”
The researchers argue that a new classification technique is required that “describes malware behavior in terms of system state changes (e.g., files written, processes created) rather than in sequences or patterns of system calls. To address the sheer volume of malware and diversity of its behavior, we provide a method for automatically categorizing these profiles of malware into groups that reflect similar classes of behaviors and demonstrate how behavior-based clustering provides a more direct and effective way of classifying and analyzing Internet malware.”
The researchers demonstrated the usefulness of this approach during a six-month period on 3,700 malware samples.
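The profiling and clustering idea described above, as an added example that is not code from the report or its authors: each sample is reduced to the set of system state changes it produced in a sandbox run, and samples are grouped by how much those sets overlap. The sample profiles are constructed, and the use of Jaccard distance with a single-linkage threshold is my assumption about one reasonable way to group such profiles, not the method the report actually used.

```python
"""Behavior-based clustering of malware state-change profiles.

Added example, not code from the University of Michigan / Arbor Networks
report. A sample is described by the set of state changes it caused
(files written, processes created, registry keys set, connections made);
samples with similar sets land in the same cluster, and each cluster gets
a label made of the changes every member shares.
"""
from itertools import combinations

# Constructed sandbox profiles (illustrative, not real samples).
PROFILES = {
    "sample_a": {"file_write:%SYSTEM%/svc32.exe", "proc_create:svc32.exe",
                 "reg_set:Run/svc32", "net_connect:tcp/6667"},
    "sample_b": {"file_write:%SYSTEM%/svc32.exe", "proc_create:svc32.exe",
                 "reg_set:Run/svc32", "net_connect:tcp/6668"},
    "sample_c": {"file_write:%TEMP%/dl.exe", "proc_create:dl.exe",
                 "net_connect:http/update", "reg_set:Run/dl"},
    "sample_d": {"file_write:%TEMP%/dl.exe", "proc_create:dl.exe",
                 "net_connect:http/update", "file_write:%TEMP%/log.txt"},
    "sample_e": {"proc_create:cmd.exe", "file_write:%APPDATA%/keys.log"},
}


def jaccard_distance(a, b):
    """1 minus Jaccard similarity: 0 = identical profiles, 1 = disjoint."""
    if not a and not b:
        return 0.0  # two empty profiles are trivially identical
    return 1.0 - len(a & b) / len(a | b)


def cluster_profiles(profiles, max_distance=0.5):
    """Single-linkage clustering via union-find (assumed method): two samples
    share a cluster if a chain of pairs at or under max_distance links them.
    Returns a sorted list of sorted member-name lists."""
    parent = {name: name for name in profiles}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving keeps lookups short
            x = parent[x]
        return x

    for x, y in combinations(sorted(profiles), 2):
        if jaccard_distance(profiles[x], profiles[y]) <= max_distance:
            parent[find(x)] = find(y)

    groups = {}
    for name in profiles:
        groups.setdefault(find(name), []).append(name)
    return sorted(sorted(g) for g in groups.values())


def cluster_signature(profiles, members):
    """State changes common to every member: a concise behavioral label for
    the cluster, rather than a per-product family name."""
    sets = [profiles[m] for m in members]
    return set.intersection(*sets) if sets else set()


if __name__ == "__main__":
    for group in cluster_profiles(PROFILES):
        print(group, sorted(cluster_signature(PROFILES, group)))
```

With the constructed data, the two dropper-like samples and the two persistence-plus-IRC-style samples each form a cluster on three shared state changes, while the lone keylogger-like profile stays on its own; the threshold is the knob a practitioner would tune against a labelled corpus.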
Traditional, signature-based antivirus methods for detecting and squelching the growing volumes and variety of viruses and other malware have been termed dead by some industry watchers.
Companies such as McAfee, Symantec and Trend Micro have in fact started to reveal plans to move their security products to the next level through whitelisting and other approaches.