Masquerade Attacks Against Security Software Exclusion Lists

dc.citation.issue: 4
dc.citation.volume: 16
dc.contributor.author: McIntosh T
dc.contributor.author: Jang-Jaccard J
dc.contributor.author: Watters P
dc.contributor.author: Susnjak T
dc.date.accessioned: 2023-11-20T01:37:41Z
dc.date.available: 2019
dc.date.available: 2023-11-20T01:37:41Z
dc.date.issued: 2019
dc.description: Australian Journal of Intelligent Information Processing Systems (AJIIPS) publishes fully open access journals, which means that all articles are available on the internet to all users immediately upon publication. Non-commercial use and distribution in any medium is permitted, provided the author and the journal are properly credited.
dc.description.abstract: Security software, commonly known as Antivirus, has evolved from simple virus scanners to become multi-functional security suites. To combat ever-growing malware threats, modern security software utilizes both static and dynamic analysis to assess malware threats, inevitably leading to occasional false positive and false negative reports. To mitigate this, existing state-of-the-art security software offers the feature of Exclusion Lists to allow users to exclude specified files and folders from being scanned or monitored. Through rigorous evaluation, however, we found that some of such products stored their Exclusion Lists as unencrypted cleartexts either in known or predictable locations. In this paper we empirically demonstrate how easy it is to exploit the Exclusion Lists by launching masquerade attacks. We argue that the Exclusion Lists should be better implemented such as using application whitelisting, the contents of the lists to be better safeguarded, and only be readable by authorized entities within a strong access control scheme.
dc.description.confidential: false
dc.format.extent: 1 - 1
dc.identifier: http://ajiips.com.au/
dc.identifier.citation: Australian Journal of Intelligent Information Processing Systems, 2019, 16 (4), pp. 1 - 1
dc.identifier.elements-id: 443515
dc.identifier.harvested: Massey_Dark
dc.identifier.issn: 1321-2133
dc.identifier.uri: https://hdl.handle.net/10179/16288
dc.publisher: AJIIPS
dc.publisher.uri: http://ajiips.com.au/
dc.relation.isPartOf: Australian Journal of Intelligent Information Processing Systems
dc.rights: CC BY-NC-ND 4.0
dc.subject.anzsrc: 0801 Artificial Intelligence and Image Processing
dc.subject.anzsrc: 1702 Cognitive Sciences
dc.title: Masquerade Attacks Against Security Software Exclusion Lists
dc.type: Journal article
pubs.notes: Not known
pubs.organisational-group: /Massey University
pubs.organisational-group: /Massey University/College of Sciences
Files
Name: 1159010_McIntosh,T_2019.pdf
Size: 2.29 MB
Format: Adobe Portable Document Format