Limitations of Current Anti-Virus Scanning Technologies

Srinivas Mukkamala
Copyright: © 2007 |Pages: 20
ISBN13: 9781599040905|ISBN10: 1599040905|EISBN13: 9781599040929
DOI: 10.4018/978-1-59904-090-5.ch010
Cite Chapter

MLA

Mukkamala, Srinivas. "Limitations of Current Anti-Virus Scanning Technologies." Advances in Enterprise Information Technology Security, edited by Djamel Khadraoui and Francine Herrmann, IGI Global, 2007, pp. 190-209. https://doi.org/10.4018/978-1-59904-090-5.ch010

APA

Mukkamala, S. (2007). Limitations of Current Anti-Virus Scanning Technologies. In D. Khadraoui & F. Herrmann (Eds.), Advances in Enterprise Information Technology Security (pp. 190-209). IGI Global. https://doi.org/10.4018/978-1-59904-090-5.ch010

Chicago

Mukkamala, Srinivas. "Limitations of Current Anti-Virus Scanning Technologies." In Advances in Enterprise Information Technology Security, edited by Djamel Khadraoui and Francine Herrmann, 190-209. Hershey, PA: IGI Global, 2007. https://doi.org/10.4018/978-1-59904-090-5.ch010


Abstract

Malware has become more lethal by using multiple attack vectors to exploit both known and unknown vulnerabilities, and it can attack pre-scanned targets with lightning speed. In the future, it is important that scanners are capable of detecting polymorphic (obfuscated or variant) and metamorphic (mutated or evolved) versions of malware; however, current scanning techniques for malware detection have serious limitations. Simple software obfuscation, a general technique used to protect software from reverse engineering, can circumvent the current detection mechanisms (anti-virus tools). In this chapter, we describe common attacks on anti-virus tools and a few obfuscation techniques applied to recent viruses that were used to thwart commercial-grade anti-virus tools. Similarities among different malware and their variants are also presented in this chapter. The signature used in this method is the percentage of application programming interfaces (APIs) appearing in the malware type. The hypothesis is that mutants and variants will not stray far from the original. Table 5 shows serious limitations of commercial-grade anti-virus scanners in detecting simple obfuscation attacks. Table 6 shows the percentages of similarity of a particular malware when compared to others. One important thing to note is that even the polymorphic ZMist uses the same set of APIs on all three variants.
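The abstract describes a signature built from the percentage of APIs that appear across a malware type, with the hypothesis that variants stay close to the original, and notes that a polymorphic sample kept the same API set across its variants. The following is an added example (not code from the chapter) that shows why such a signature survives obfuscation that defeats a byte-level hash: it builds a per-family API profile, scores new samples against it, and contrasts that with a content hash. All sample names, API lists and byte blobs are constructed for illustration and are not taken from the chapter or from any real malware.

```python
"""API-usage profile as a family signature (added example, constructed data)."""
import hashlib
from collections import Counter

# Constructed import lists for a hypothetical family "famA" and an unrelated tool.
SAMPLES = {
    "famA_v1": ["CreateFileA", "WriteFile", "FindFirstFileA", "FindNextFileA",
                "VirtualAlloc", "GetProcAddress", "LoadLibraryA"],
    "famA_v2": ["CreateFileA", "WriteFile", "FindFirstFileA", "FindNextFileA",
                "VirtualAlloc", "GetProcAddress", "LoadLibraryA", "Sleep"],
    "famA_v3": ["CreateFileA", "WriteFile", "FindFirstFileW", "FindNextFileW",
                "VirtualAlloc", "GetProcAddress", "LoadLibraryA"],
    "benign_tool": ["CreateFileA", "ReadFile", "CloseHandle", "MessageBoxA",
                    "GetStdHandle"],
}

# A constructed "new variant": same core APIs as famA plus one extra call.
NEW_VARIANT = ["CreateFileA", "WriteFile", "FindFirstFileA", "FindNextFileA",
               "VirtualAlloc", "GetProcAddress", "LoadLibraryA", "CreateThread"]


def api_profile(samples):
    """Percentage (0..100) of the samples in which each API appears.

    This is the 'percentage of APIs appearing in the malware type' idea:
    APIs used by every variant get weight 100, rarer ones get less.
    """
    counts = Counter()
    for apis in samples:
        counts.update(set(apis))          # count each API once per sample
    n = len(samples)
    return {api: 100.0 * c / n for api, c in counts.items()}


def jaccard(a, b):
    """Set similarity between two samples' API sets (1.0 = identical)."""
    a, b = set(a), set(b)
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def profile_similarity(sample_apis, profile):
    """Weighted share of the family profile covered by the sample's APIs.

    Stable, always-present APIs dominate the score, so a variant that adds or
    renames a few calls still scores high; an unrelated program scores low.
    """
    total = sum(profile.values())
    if total == 0:
        return 0.0
    used = set(sample_apis)
    hit = sum(w for api, w in profile.items() if api in used)
    return hit / total


def classify(sample_apis, profile, threshold=0.7):
    """Flag the sample as a family member when it covers enough of the profile."""
    return profile_similarity(sample_apis, profile) >= threshold


def byte_hash(blob):
    """Content hash, the kind of exact signature obfuscation defeats."""
    return hashlib.sha256(blob).hexdigest()


def same_apis_different_bytes():
    """Two constructed 'binaries' with identical API sets but different padding:
    the byte hashes differ while the API-set similarity is exactly 1.0."""
    # Constructed blobs: same import names, different junk bytes around them.
    blob_a = b"\x90\x90" + b"|".join(s.encode() for s in SAMPLES["famA_v1"]) + b"\x00" * 4
    blob_b = b"\xcc\x90\x90" + b"|".join(s.encode() for s in SAMPLES["famA_v1"]) + b"\x00" * 9
    hashes_differ = byte_hash(blob_a) != byte_hash(blob_b)
    apis_a = blob_a.strip(b"\x90\xcc\x00").split(b"|")
    apis_b = blob_b.strip(b"\x90\xcc\x00").split(b"|")
    return hashes_differ, jaccard(apis_a, apis_b)


if __name__ == "__main__":
    profile = api_profile([SAMPLES[k] for k in ("famA_v1", "famA_v2", "famA_v3")])
    for name, apis in [("NEW_VARIANT", NEW_VARIANT), ("benign_tool", SAMPLES["benign_tool"])]:
        print(f"{name}: score={profile_similarity(apis, profile):.3f} "
              f"family={classify(apis, profile)}")
    print("hash differs / API jaccard:", same_apis_different_bytes())
```

The profile is built from three variants; the new variant covers the stable core and scores above the threshold, while the benign tool shares only `CreateFileA` and scores far below it. `same_apis_different_bytes` mirrors the abstract's ZMist observation: repacking changes every byte hash but leaves the API set, and therefore this signature, unchanged. The threshold is a free parameter and would need tuning against benign software that legitimately uses file-enumeration and loader APIs.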
