ESEC/FSE 2022
Mon 14 - Fri 18 November 2022 Singapore
Thu 17 Nov 2022 11:00 - 11:30 at SRC GLR - Test Automation Efficiency 1 Chair(s): Ákos Kiss

Traditional testing of Anti-Virus (AV) products is usually performed on a curated set of malware samples. While this approach can evaluate an AV’s overall performance on known threats, it fails to provide details on the coverage of exact attack techniques used by adversaries and malware. Such coverage information is crucial in helping users understand potential attack paths formed using new code and combinations of known attack techniques. This paper describes KUBO, a framework for systematic large-scale testing of behavioral coverage of AV software. KUBO uses a novel malware behavior emulation method to generate a large number of attacks from combinations of adversarial procedures and runs them against a set of AVs. Contrary to other emulators, our attacks are coordinated by the adversarial procedures themselves, rendering the emulated malware independent of agents and semantically coherent. We perform an evaluation of KUBO on 7 major commercial AVs utilizing tens of distinct attack procedures and thousands of their combinations. The results demonstrate that our approach is feasible, leads to automatic large-scale evaluation, and is able to unveil a multitude of open attack paths. We show how the results can be used to assess general behavioral efficacy and efficacy with respect to individual adversarial procedures.

Thu 17 Nov

Displayed time zone: Beijing, Chongqing, Hong Kong, Urumqi

11:00 - 12:30
Test Automation Efficiency 1 (A-TEST) at SRC GLR
Chair(s): Ákos Kiss University of Szeged, Hungary
11:00
30m
Talk
KUBO: A Framework for Automated Efficacy Testing of Anti-Virus Behavioral Detection with Procedure-based Malware Emulation
A-TEST
Jakub Pružinec, Quynh Anh Nguyen, Adrian Baldwin, Jonathan Griffin, Yang Liu (Shanghai Maritime University/National University of Singapore)
11:30
30m
Talk
Interactive Fault Localization for Python with CharmFL
A-TEST
Attila Szatmári, Qusay Idrees Sarhan (Department of Software Engineering, University of Szeged), Árpád Beszédes (Department of Software Engineering, University of Szeged)