Testing and evaluating virus detectors for handheld devices

  • Original Paper
  • Journal in Computer Virology

Abstract

The widespread use of personal digital assistants and smartphones makes securing these devices a high priority. Yet little attention has been paid to protecting handheld devices against viruses. Few antivirus products are currently available for handhelds. At this stage, the opportunity exists for the evaluation and improvement of current solutions. By pinpointing weaknesses in the current antivirus software, improvements can be made to properly protect these devices from a future tidal wave of viruses. This research evaluates four currently available antivirus solutions for handheld devices. A formal model of virus transformation that provides transformation traceability is presented. Two sets of ten tests each were administered; nine tests from each set involved the modification of source code of two known viruses for handheld devices. The testing techniques used are well established in PC testing; thus the focus of this research is solely on handheld devices. Statistical analysis of the test results shows high false negative production rates for the antivirus software and an overall false negative production rate of 47.5% with a 95% confidence interval between 36.6% and 58.4%. This high rate shows that current solutions poorly identify modified versions of a virus. The virus is left undetected and capable of spreading, infecting and causing damage.

Author information

Corresponding author

Correspondence to Jose Andre Morales.

About this article

Cite this article

Morales, J.A., Clarke, P.J., Deng, Y. et al. Testing and evaluating virus detectors for handheld devices. J Comput Virol 2, 135–147 (2006). https://doi.org/10.1007/s11416-006-0024-y

  • DOI: https://doi.org/10.1007/s11416-006-0024-y
