In the continuously evolving field of malware investigation, a Trojan horse, which appears as innocent software from the user's perspective, represents a significant threat and challenge for antivirus solutions because of their deceptive nature and the various malicious functionalities they provide. This study will compare the effectiveness of three free antiviruses for Linux systems (DrWeb, ClamAV, ESET NOD32) against a dataset of 1919 Trojan malware samples. The evaluation will assess their detection capabilities, resource usage, and the core functionalities they offer. The results revealed a trade-off between these three aspects: DrWeb achieved the highest detection rate (93.43%) but consumed the most resources and provided the most comprehensive functionalities. While ClamAV balanced detection and resource usage with less functionality, ESET NOD32 prioritised low resource usage but showcased a lower detection rate than the other engines (80.93%). Interestingly, the results showed that the category of Trojan horse malware and the file format analysed can affect the detection capabilities of the evaluated antiviruses. This suggests that there is no “silver bullet” for Linux systems against Trojans, and further research in this area is needed to assess the detection capabilities of antivirus engines thoroughly and propose advanced detection methods for robust protection against Trojans on Linux systems.
| Identifer | oai:union.ndltd.org:UPSALLA1/oai:DiVA.org:hh-53912 |
| Date | January 2024 |
| Creators | Hinne, Tom |
| Publisher | Högskolan i Halmstad, Akademin för informationsteknologi |
| Source Sets | DiVA Archive at Upsalla University |
| Language | English |
| Detected Language | English |
| Type | Student thesis, info:eu-repo/semantics/bachelorThesis, text |
| Format | application/pdf |
| Rights | info:eu-repo/semantics/openAccess |
Page generated in 0.0626 seconds