Behavior-based spyware detection

Authors: Engin Kirda, Richard A. Kemmerer, Christopher Kruegel, Greg Banks, Giovanni Vigna

Abstract: Spyware is rapidly becoming a major security issue. Spyware programs are surreptitiously installed on a user's workstation to monitor his/her actions and gather private information about the user's behavior. Current anti-spyware tools operate in a way similar to traditional antivirus tools, where signatures associated with known spyware are checked against newly-installed applications. Unfortunately, these techniques are very easy to evade by using simple obfuscation transformations. This paper presents a novel technique for spyware detection that is based on the characterization of spyware-like behavior. The technique is tailored to a popular class of spyware applications that use Internet Explorer's Browser Helper Object (BHO) and toolbar interfaces to monitor a user's browsing. Our technique uses a composition of static and dynamic analysis to determine whether the behavior of BHOs and toolbars in response to simulated browser events should be considered malicious. The evaluation of our technique on a representative set of spyware samples shows that it is possible to reliably identify malicious components using an abstract behavioral characterization.
