AV-Teller: Browser Fingerprinting for Client-Side Security Software Identification

Bibliographic Details
Main Authors: Hyeong-Seok Jang, Mohsen Ali Alawami, Ki-Woong Park
Format: Article
Language: English
Published: MDPI AG 2025-05-01
Series: Applied Sciences
Online Access: https://www.mdpi.com/2076-3417/15/9/5059
collection DOAJ
description The rapid proliferation of digitalization and the growing reliance on internet-based technologies by individuals and organizations have led to a significant escalation in the frequency and sophistication of cyberattacks. As attackers continuously refine their methods to evade conventional defense mechanisms, antivirus solutions, despite their widespread utilization as primary security tools, face increasing challenges in addressing these evolving threats. This study introduces AV-Teller, a novel framework designed for analyzing antivirus behavior through interactions with web browsers. AV-Teller reveals weaknesses in antivirus detection mechanisms by highlighting ways in which web browser interactions may inadvertently expose critical aspects of antivirus operations. The framework provides key insights into the vulnerabilities inherent to these detection processes and their implications for the interplay between antivirus systems and modern web technologies. To assess the efficacy of the AV-Teller in detecting antivirus via web browsers, the framework evaluates three detection scenarios: Document Object Model (DOM) Monitoring-Based Detection, Signature-Based Detection, and Phishing Page-Based Detection. The results revealed performance inconsistencies: 16 products (57%) failed to respond to any tested scenarios, exhibiting deficiencies in threat mitigation capabilities. Of the 12 products (43%) that successfully handled three scenarios, 9 (75%) inadvertently disclosed identifiable antivirus metadata during assessments, thereby enabling attackers to pinpoint specific antivirus solutions and exploit their vulnerabilities. These findings highlight critical gaps in the interaction between antivirus systems and web technologies, exposing systemic flaws in existing security mechanisms. 
The inadvertent exposure of sensitive antivirus data underscores the necessity for robust data handling protocols, necessitating collaboration between antivirus developers and web technology stakeholders to design secure frameworks. By exposing these risks, the AV-Teller framework elucidates the limitations of current defenses and establishes a foundation for the enhancement of antivirus technologies to address emerging cyber threats effectively.
issn 2076-3417
affiliations Hyeong-Seok Jang: SysCore Laboratory, Sejong University, Seoul 05006, Republic of Korea
Mohsen Ali Alawami: Division of Computer Engineering, Hankuk University of Foreign Studies, Yongin 17035, Republic of Korea
Ki-Woong Park: Department of Information Security, Sejong University, Seoul 05006, Republic of Korea
doi 10.3390/app15095059
topic browser fingerprint
antivirus detection
browser security
security evaluation