Exploiting an antivirus interface

Kevin W. Hamlen, Vishwath Mohan, Mohammad M. Masud, Latifur Khan, Bhavani Thuraisingham

Research output: Contribution to journal › Article › peer-review

27 Citations (Scopus)


We propose a technique for defeating signature-based malware detectors by exploiting information disclosed by antivirus interfaces. This information is leveraged to reverse engineer relevant details of the detector's underlying signature database, revealing binary obfuscations that suffice to conceal malware from the detector. Experiments with real malware and antivirus interfaces on Windows operating systems justify the effectiveness of our approach.

Original language: English
Pages (from-to): 1182-1189
Number of pages: 8
Journal: Computer Standards and Interfaces
Issue number: 6
Publication status: Published - Nov 2009
Externally published: Yes


  • Binary obfuscation
  • Data mining
  • Security
  • Signature-based malware detection

ASJC Scopus subject areas

  • Software
  • Law
  • General Computer Science
  • Hardware and Architecture
  • Computer Science Applications

