What is it about?

In this paper, we shed light on the black-box testing functionality of VirusTotal by evaluating the detection results of VirusTotal antivirus engines and their equivalent desktop versions. Based on our results, we arrive at the conclusion that there are discrepancies between the engines on VirusTotal and the desktop engines.

Why is it important?

In general, due to the very limited number of published papers regarding the reliability of VirusTotal for malware detection and the contradicting results of existing works, there is a need for further investigation into this topic. To this end, this paper explores and compares in a comprehensive manner the VirusTotal and desktop engines by utilizing several evasion techniques and tools.

Perspectives

Results showed that there is inconsistency between the engines on VirusTotal and their desktop versions. That is, VirusTotal exhibited lower malware detection rates for most AV engines compared to their desktop counterparts. While some AVs such as Avira demonstrate small inconsistencies, others such as K7 exhibit large differences between their VirusTotal and desktop engines. We concluded that this may be attributed to the fact that AV engines on VirusTotal do not include cloud-based detection, or they are shipped with different settings compared to their desktop counterparts.

Dr. Stylianos Karagiannis
Ionian University

Read the Original

This page is a summary of: A Comparative Analysis of VirusTotal and Desktop Antivirus Detection Capabilities, July 2022, Institute of Electrical & Electronics Engineers (IEEE),
DOI: 10.1109/iisa56318.2022.9904382.