U Michigan Team Recommends Anti-Virus Overhaul

• By Paul McCloskey
• 07/12/07

A report by researchers at the University of Michigan's electrical engineering and computer science department concluded that anti-virus products are inconsistent when it comes to identifying worm, phishing, and botnet attacks.

The report, done with network security company Arbor Networks Inc., argues that a new classification technique is required to prevent anti-virus products from overlooking the attacks.

The report, titled, "Automated Classification and Analysis of Internet Malware," said that inconsistency in the embedded semantics for classifying viruses leads to failures to "detect or provide labels for between 20 [percent] and 62 percent" of the malware samples it tested.

A new classification technique is needed, the researchers said, that describes malware "in terms of system state changes (e.g., files written, processes created) rather than in sequences or patterns of system calls."

A more effective classification method would automatically categorize malware into groups that reflect similar classes of behaviors.

Read More:

• University of Michigan Report (PDF)