Performance Evaluation of Antivirus Systems for Computer Networks

Abstract Computer networks are an important part of modern civilization. They are used in almost all spheres of human activity. The significant losses due to failures of these networks mean there are high requirements for the stability of their operation. In particular, their stability relies on protection against virus attacks. For this purpose, corresponding antivirus systems are developed. As a performance measure for these systems, it is proposed to use the number of network computers that a virus manages to infect before it is detected and removed. In this case, the empirical basis for evaluating the performance of antivirus systems is the data obtained by field tests and/or operational experience. These data are random in nature and their availability is generally rather limited. In this paper we consider an approach to the performance evaluation of antivirus systems for computer networks that takes into account the empirical data mentioned above. The approach is based on a representation of the empirical data as a small sample from a general set of values of a random variable that characterizes the number of network computers the virus manages to infect before it is detected and removed. The distribution function of this variable is used as a test model. This distribution function is constructed based on the principle of maximum uncertainty. Shannon entropy is used as a measure of uncertainty.