Testing and evaluating virus detectors for handheld devices
Abstract
The widespread use of personal digital assistants and smartphones makes securing these devices a high priority. Yet little attention has been paid to protecting handheld devices against viruses. Few antivirus products are currently available for handhelds. At this stage, the opportunity exists to evaluate and improve current solutions. By pinpointing weaknesses in the current antivirus software, improvements can be made to properly protect these devices from a future tidal wave of viruses. This research evaluates four currently available antivirus solutions for handheld devices. A formal model of virus transformation that provides transformation traceability is presented. Two sets of ten tests each were administered; nine tests from each set involved the modification of source code of two known viruses for handheld devices. The testing techniques used are well established in PC testing; thus the focus of this research is solely on handheld devices. Statistical analysis of the test results shows high false negative production rates for the antivirus software and an overall false negative production rate of 47.5% with a 95% confidence interval between 36.6% and 58.4%. This high rate shows that current solutions poorly identify modified versions of a virus. The virus is left undetected and capable of spreading, infecting and causing damage.