Methodology for a Field Study of Anti-malware Software

Lévesque, Fanny Lalonde; Davis, Carlton R.; Fernandez, José M.; Chiasson, Sonia; Somayaji, Anil

doi:10.1007/978-3-642-34638-5_7

Cited by 4 publications

(3 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The details of the methodology have been published elsewhere [14], but we nonetheless provide a brief summary here. The study monitored real-world computer usage through diagnostics and logging tools, monthly interviews and questionnaires, and in-depth investigation of any potential infections.…”

Section: Study Descriptionmentioning

confidence: 99%

“…Our experimental protocol [14,13] describes in detail the monthly procedure for identifying and classifying suspicious files that were not detected by the AV. This process of identification and classification is based on user reporting of suspicious machine behaviour, the analysis of logs from the monitoring tools, the results of automated queries to on-line sources with respect to processes found on the machine, file and start-up programme databases (obtained automatically by scripts that we wrote), and any other relevant piece of information that the technician conducting the review might deem relevant.…”

Section: Missed Detectionsmentioning

confidence: 99%

“…Section 2 presents the related work. Section 3 describes the study and provides a summary of its methodology, a detailed description of which is also given in a previous methodology publication [14]. In Section 4, we describe and discuss in detail the results of the study in terms of threat detections by AV, missed detections, and identification of potential risk factors related to user characteristics and behaviour.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A clinical study of risk factors related to malware infections

Lévesque

Nsiempba

Fernandez

et al. 2013

Proceedings of the 2013 ACM SIGSAC Conference on Computer &Amp; Communications Security - CCS '13

Self Cite

View full text Add to dashboard Cite

The success of malicious software (malware) depends upon both technical and human factors. The most security conscious users are vulnerable to zero-day exploits; the best security mechanisms can be circumvented by poor user choices. While there has been significant research addressing the technical aspects of malware attack and defense, there has been much less research reporting on how human behavior interacts with both malware and current malware defenses.In this paper we describe a proof-of-concept field study designed to examine the interactions between users, antivirus (anti-malware) software, and malware as they occur on deployed systems. The 4-month study, conducted in a fashion similar to the clinical trials used to evaluate medical interventions, involved 50 subjects whose laptops were instrumented to monitor possible infections and gather data on user behavior. Although the population size was limited, this initial study produced some intriguing, non-intuitive insights into the efficacy of current defenses, particularly with regards to the technical sophistication of end users. We assert that this work shows the feasibility and utility of testing security software through long-term field studies with greater ecological validity than can be achieved through other means.

show abstract

Section: Study Descriptionmentioning

confidence: 99%

Section: Missed Detectionsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation