Title: KUBO: a framework for automated efficacy testing of anti-virus behavioral detection with procedure-based malware emulation
Authors: Pružinec, Jakub
Nguyen, Quynh Anh
Baldwin, Adrian
Griffin, Jonathan
Liu, Yang
Keywords: Engineering::Computer science and engineering
Issue Date: 2022
Source: Pružinec, J., Nguyen, Q. A., Baldwin, A., Griffin, J. & Liu, Y. (2022). KUBO: a framework for automated efficacy testing of anti-virus behavioral detection with procedure-based malware emulation. 13th International Workshop on Automating Test Case Design, Selection and Evaluation (A-TEST 2022), November 2022, 37-44. https://dx.doi.org/10.1145/3548659.3561307
Conference: 13th International Workshop on Automating Test Case Design, Selection and Evaluation (A-TEST 2022)
Abstract: Traditional testing of Anti-Virus (AV) products is usually performed on a curated set of malware samples. While this approach can evaluate an AV's overall performance on known threats, it fails to provide details on the coverage of exact attack techniques used by adversaries and malware. Such coverage information is crucial in helping users understand potential attack paths formed using new code and combinations of known attack techniques. This paper describes KUBO, a framework for systematic large-scale testing of behavioral coverage of AV software. KUBO uses a novel malware behavior emulation method to generate a large number of attacks from combinations of adversarial procedures and runs them against a set of AVs. Contrary to other emulators, our attacks are coordinated by the adversarial procedures themselves, rendering the emulated malware independent of agents and semantically coherent. We perform an evaluation of KUBO on 7 major commercial AVs utilizing tens of distinct attack procedures and thousands of their combinations. The results demonstrate that our approach is feasible, leads to automatic large-scale evaluation, and is able to unveil a multitude of open attack paths. We show how the results can be used to assess general behavioral efficacy and efficacy with respect to individual adversarial procedures.
URI: https://hdl.handle.net/10356/171747
ISBN: 9781450394529
DOI: 10.1145/3548659.3561307
Schools: School of Computer Science and Engineering
Research Centres: HP-NTU Digital Manufacturing Corporate Lab
Rights: © 2022 Copyright held by the owner/author(s). Publication rights licensed to ACM. All rights reserved.
Fulltext Permission: none
Fulltext Availability: No Fulltext
Appears in Collections: SCSE Conference Papers