La Trobe

Masquerade attacks against security software exclusion lists

journal contribution
posted on 2021-03-03, 01:31 authored by Timothy McIntosh, J Jang-Jaccard, Paul Watters, T Susnjak

Security software, commonly known as Antivirus, has evolved from simple virus scanners into multi-functional security suites. To combat ever-growing malware threats, modern security software uses both static and dynamic analysis to assess malware, which inevitably leads to occasional false positive and false negative reports. To mitigate this, existing state-of-the-art security software offers an Exclusion List feature that allows users to exclude specified files and folders from being scanned or monitored. Through rigorous evaluation, however, we found that some such products store their Exclusion Lists as unencrypted cleartext in known or predictable locations. In this paper we empirically demonstrate how easily the Exclusion Lists can be exploited by launching masquerade attacks. We argue that Exclusion Lists should be implemented more robustly, for example by using application whitelisting; that the contents of the lists should be better safeguarded; and that the lists should be readable only by authorized entities within a strong access control scheme.

Funding

This work was made possible by the support of a grant (UOCX1720) from the Ministry of Business, Innovation and Employment of New Zealand, September 2017 Catalyst: Strategic Investment Round.

History

Publication Date

2019-01-01

Journal

Australian Journal of Intelligent Information Processing Systems

Volume

16

Issue

4

Article Number

1

Pagination

8p. (p. 1-8)

Publisher

Australian National University

ISSN

1321-2133

Rights Statement

The Author reserves all moral rights over the deposited text and must be credited if any re-use occurs. Documents deposited in OPAL are the Open Access versions of outputs published elsewhere. Changes resulting from the publishing process may therefore not be reflected in this document. The final published version may be obtained via the publisher’s DOI. Please note that additional copyright and access restrictions may apply to the published version.
