Twitter
Facebook
LinkedIn
Google+
YouTubeusenix conference policies
Behavior-based Spyware Detection
Spyware is rapidly becoming a major security issue. Spyware programs are surreptitiously installed on a user's workstation to monitor his/her actions and gather private information about a user's behavior. Current antispyware tools operate in a way similar to traditional antivirus tools, where signatures associated with known spyware programs are checked against newly-installed applications. Unfortunately, these techniques are very easy to evade by using simple obfuscation transformations.
This paper presents a novel technique for spyware detection that is based on the characterization of spywarelike behavior. The technique is tailored to a popular class of spyware applications that use Internet Explorer's Browser Helper Object (BHO) and toolbar interfaces to monitor a user's browsing behavior. Our technique uses a composition of static and dynamic analysis to determine whether the behavior of BHOs and toolbars in response to simulated browser events should be considered malicious. The evaluation of our technique on a representative set of spyware samples shows that it is possible to reliably identify malicious components using an abstract behavioral characterization.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Engin Kirda and Christopher Kruegel},
title = {Behavior-based Spyware Detection},
booktitle = {15th USENIX Security Symposium (USENIX Security 06)},
year = {2006},
address = {Vancouver, B.C. Canada},
url = {https://www.usenix.org/conference/15th-usenix-security-symposium/behavior-based-spyware-detection},
publisher = {USENIX Association},
month = jul
}
connect with us