Masquerade Attacks Against Security Software Exclusion Lists
| dc.citation.issue | 4 | |
| dc.citation.volume | 16 | |
| dc.contributor.author | McIntosh T | |
| dc.contributor.author | Jang-Jaccard J | |
| dc.contributor.author | Watters P | |
| dc.contributor.author | Susnjak T | |
| dc.date.accessioned | 2023-11-20T01:37:41Z | |
| dc.date.available | 2019 | |
| dc.date.available | 2023-11-20T01:37:41Z | |
| dc.date.issued | 2019 | |
| dc.description | Australian Journal of Intelligent Information Processing Systems (AJIIPS) publishes fully open access journals, which means that all articles are available on the internet to all users immediately upon publication. Non-commercial use and distribution in any medium is permitted, provided the author and the journal are properly credited. | |
| dc.description.abstract | Security software, commonly known as Antivirus, has evolved from simple virus scanners to become multi-functional security suites. To combat ever-growing malware threats, modern security software utilizes both static and dynamic analysis to assess malware threats, inevitably leading to occasional false positive and false negative reports. To mitigate this, existing state-of-the-art security software offers the feature of Exclusion Lists to allow users to exclude specified files and folders from being scanned or monitored. Through rigorous evaluation, however, we found that some of such products stored their Exclusion Lists as unencrypted cleartexts either in known or predictable locations. In this paper we empirically demonstrate how easy it is to exploit the Exclusion Lists by launching masquerade attacks. We argue that the Exclusion Lists should be better implemented such as using application whitelisting, the contents of the lists to be better safeguarded, and only be readable by authorized entities within a strong access control scheme. | |
| dc.description.confidential | false | |
| dc.format.extent | 1 - 1 | |
| dc.identifier | http://ajiips.com.au/ | |
| dc.identifier.citation | Australian Journal of Intelligent Information Processing Systems, 2019, 16 (4), pp. 1 - 1 | |
| dc.identifier.elements-id | 443515 | |
| dc.identifier.harvested | Massey_Dark | |
| dc.identifier.issn | 1321-2133 | |
| dc.identifier.uri | https://hdl.handle.net/10179/16288 | |
| dc.publisher | AJIIPS | |
| dc.publisher.uri | http://ajiips.com.au/ | |
| dc.relation.isPartOf | Australian Journal of Intelligent Information Processing Systems | |
| dc.rights | CC BY-NC-ND 4.0 | |
| dc.subject.anzsrc | 0801 Artificial Intelligence and Image Processing | |
| dc.subject.anzsrc | 1702 Cognitive Sciences | |
| dc.title | Masquerade Attacks Against Security Software Exclusion Lists | |
| dc.type | Journal article | |
| pubs.notes | Not known | |
| pubs.organisational-group | /Massey University | |
| pubs.organisational-group | /Massey University/College of Sciences |
Files
Original bundle
1 - 1 of 1
Loading...
- Name:
- 1159010_McIntosh,T_2019.pdf
- Size:
- 2.29 MB
- Format:
- Adobe Portable Document Format
- Description: