987 research outputs found
Recommended from our members
A Study of the Relationship Between Antivirus Regressions and Label Changes
AntiVirus (AV) products use multiple components to detect malware. A component which is found in virtually all AVs is the signature-based detection engine: this component assigns a particular signature label to a malware that the AV detects. In previous analysis [1-3], we observed cases of regressions in several different AVs: i.e. cases where on a particular date a given AV detects a given malware but on a later date the same AV fails to detect the same malware. We studied this aspect further by analyzing the only externally observable behaviors from these AVs, namely whether AV engines detect a malware and what labels they assign to the detected malware. In this paper we present the results of the analysis about the relationship between the changing of the labels with which AV vendors recognize malware and the AV regressions
Diversity with AntiVirus products: Additional empirical studies
In this paper we describe the design of a new set of empirical studies we will run to test the gains in detection capabilities from using diverse AntiVirus products. This new work builds on previous work on this topic reported in [1, 2, 3]. We describe the motivation for this work, how it extends the previous work and what studies we will conduct
Cluster-based Vulnerability Assessment Applied to Operating Systems
Organizations face the issue of how to best allocate their security resources. Thus, they need an accurate method for assessing how many new vulnerabilities will be reported for the operating systems (OSs) they use in a given time period. Our approach consists of clustering vulnerabilities by leveraging the text information within vulnerability records, and then simulating the mean value function of vulnerabilities by relaxing the monotonic intensity function assumption, which is prevalent among the studies that use software reliability models (SRMs) and nonhomogeneous Poisson process (NHPP) in modeling. We applied our approach to the vulnerabilities of four OSs: Windows, Mac, IOS, and Linux. For the OSs analyzed in terms of curve fitting and prediction capability, our results, compared to a power-law model without clustering issued from a family of SRMs, are more accurate in all cases we analyzed
Strong coupling theory for driven tunneling and vibrational relaxation
We investigate on a unified basis tunneling and vibrational relaxation in driven dissipative multistable systems described by their N lowest lying unperturbed levels. By use of the discrete variable representation we derive a set of coupled non-Markovian master equations. We present analytical treatments that describe the dynamics in the regime of strong system-bath coupling. Our findings are corroborated by "ab-initio" real-time path integral calculations. Comment: 4 LaTeX pages including 3 figures
Cluster-based Vulnerability Assessment of Operating Systems and Web Browsers
Organizations face the issue of how to best allocate their security resources. Thus, they need an accurate method for assessing how many new vulnerabilities will be reported for the operating systems (OSs) and web browsers they use in a given time period. Our approach consists of clustering vulnerabilities by leveraging the text information within vulnerability records, and then simulating the mean value function of vulnerabilities by relaxing the monotonic intensity function assumption, which is prevalent among the studies that use software reliability models (SRMs) and nonhomogeneous Poisson process (NHPP) in modeling. We applied our approach to the vulnerabilities of four OSs (Windows, Mac, IOS, and Linux) and four web browsers (Internet Explorer, Safari, Firefox, and Chrome). Out of the total eight OSs and web browsers we analyzed using a power-law model issued from a family of SRMs, the model was statistically adequate for modeling in six cases. For these cases, in terms of estimation and forecasting capability, our results, compared to a power-law model without clustering, are more accurate in all cases but one
Interrelationship between serum and sputum inflammatory mediators in chronic obstructive pulmonary disease
Little is known about airway inflammatory markers in chronic obstructive pulmonary disease (COPD). The objective of the present study was to identify and try to correlate pulmonary and peripheral blood inflammatory markers in COPD. In a cross-sectional study on patients with stable COPD, induced sputum and blood samples were collected for the determination of C-reactive protein, eosinophilic cationic protein, serum amyloid A protein, α-1 antitrypsin (α-1AT), and neutrophil elastase. Twenty-two patients were divided into two groups according to post-bronchodilator forced expiratory volume in the first second (%FEV1): group 1 (N = 12, FEV1 <40%) and group 2 (N = 10, FEV1 ≥40%). An increase in serum elastase, eosinophilic cationic protein and α-1AT was observed in serum markers in both groups. Cytology revealed the same total number of cells in groups 1 and 2. There was a significantly higher number of neutrophils in group 1 compared to group 2 (P < 0.05). No difference in eosinophils or macrophages was observed between groups. Serum elastase was positively correlated with serum α-1AT (group 1, r = 0.81, P < 0.002 and group 2, r = 0.83, P < 0.17) and negatively correlated with FEV1 (r = -0.85, P < 0.03 and -0.14, P < 0.85, respectively). The results indicate the presence of chronic and persistent pulmonary inflammation in stable patients with COPD. Induced sputum permitted the demonstration of the existence of a subpopulation of cells in which neutrophils predominated. The serum concentration of all inflammatory markers did not correlate with the pulmonary functional impairment
Comparing Detection Capabilities of AntiVirus Products: An Empirical Study with Different Versions of Products from the Same Vendors
In this paper we report results of an empirical analysis of the detection capabilities of 9 AntiVirus (AV) products when they were subjected to 3605 malware samples collected on an experimental network over a period of 31 days in November-December 2013. We compared the detection capabilities of the version of the AV products that the vendors make available for free in VirusTotal versus the full capability products that they make available via their own website. The analysis has been done using externally observable properties of the AV products: namely whether they detect a given malware. The paper reports extensive analysis of the results. A surprising finding of our study was that only one of the vendors had a full capability version which detected all the malware that their VirusTotal version could detect
AntiVirus and Malware Analysis Tool
We present AVAMAT: AntiVirus and Malware Analysis Tool - a tool for analysing the malware detection capabilities of AntiVirus (AV) products running on different operating system (OS) platforms. Even though similar tools are available, such as VirusTotal and MetaDefender, they have several limitations, which motivated the creation of our own tool. With AVAMAT we are able to analyse not only whether an AV detects a malware, but also at what stage of inspection does it detect it and on what OS. AVAMAT enables experimental campaigns to answer various research questions, ranging from the detection capabilities of AVs on OSs, to optimal ways in which AVs could be combined to improve malware detection capabilities
