Manufacturing cheap, resilient, and stealthy opaque constructs
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A fast algorithm for finding dominators in a flowgraph
ACM Transactions on Programming Languages and Systems (TOPLAS)
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Obfuscation of executable code to improve resistance to static disassembly
Proceedings of the 10th ACM conference on Computer and communications security
ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
Detecting Kernel-Level Rootkits Through Binary Analysis
ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Minos: Control Data Attack Prevention Orthogonal to Memory Model
Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
Gatekeeper: Monitoring Auto-Start Extensibility Points (ASEPs) for Spyware Management
LISA '04 Proceedings of the 18th USENIX conference on System administration
Semantics-Aware Malware Detection
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
ReVirt: enabling intrusion analysis through virtual-machine logging and replay
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Why spyware poses multiple threats to security
Communications of the ACM - Spyware
Detecting past and present intrusions through vulnerability-specific predicates
Proceedings of the twentieth ACM symposium on Operating systems principles
Vigilante: end-to-end containment of internet worms
Proceedings of the twentieth ACM symposium on Operating systems principles
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
Practical taint-based protection using demand emulation
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
QEMU, a fast and portable dynamic translator
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Measurement and analysis of spywave in a university environment
NSDI'04 Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation - Volume 1
Static disassembly of obfuscated binaries
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Understanding data lifetime via whole system simulation
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Behavior-based spyware detection
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Panorama: capturing system-wide information flow for malware detection and analysis
Proceedings of the 14th ACM conference on Computer and communications security
Efficient fine-grained binary instrumentationwith applications to taint-tracking
Proceedings of the 6th annual IEEE/ACM international symposium on Code generation and optimization
Learning and Classification of Malware Behavior
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
On the Limits of Information Flow Techniques for Malware Analysis and Containment
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
A Layered Architecture for Detecting Malicious Behaviors
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Towards automatic reverse engineering of software security configurations
Proceedings of the 15th ACM conference on Computer and communications security
SS'08 Proceedings of the 17th conference on Security symposium
Panalyst: privacy-aware remote error analysis on commodity software
SS'08 Proceedings of the 17th conference on Security symposium
Pointless tainting?: evaluating the practicality of pointer tainting
Proceedings of the 4th ACM European conference on Computer systems
Measuring channel capacity to distinguish undue influence
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
Application security code analysis: a step towards software assurance
International Journal of Information and Computer Security
A New Approach to Malware Detection
ISA '09 Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance
Defending Browsers against Drive-by Downloads: Mitigating Heap-Spraying Code Injection Attacks
DIMVA '09 Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Automated Spyware Collection and Analysis
ISC '09 Proceedings of the 12th International Conference on Information Security
Emulating emulation-resistant malware
Proceedings of the 1st ACM workshop on Virtual machine security
SpyShield: preserving privacy from spy add-ons
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
A view on current malware behaviors
LEET'09 Proceedings of the 2nd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
Effective and efficient malware detection at the end host
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
HookScout: proactive binary-centric hook detection
DIMVA'10 Proceedings of the 7th international conference on Detection of intrusions and malware, and vulnerability assessment
Take a deep breath: a stealthy, resilient and cost-effective botnet using skype
DIMVA'10 Proceedings of the 7th international conference on Detection of intrusions and malware, and vulnerability assessment
Expressive, efficient and obfuscation resilient behavior based IDS
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Distributed data usage control for web applications: a social network implementation
Proceedings of the first ACM conference on Data and application security and privacy
Automatically generating patch in binary programs using attribute-based taint analysis
ICICS'10 Proceedings of the 12th international conference on Information and communications security
Identifying the provenance of correlated anomalies
Proceedings of the 2011 ACM Symposium on Applied Computing
Value-based program characterization and its application to software plagiarism detection
Proceedings of the 33rd International Conference on Software Engineering
Inoculation against malware infection using kernel-level software sensors
Proceedings of the 8th ACM international conference on Autonomic computing
Checksum-Aware Fuzzing Combined with Dynamic Taint Analysis and Symbolic Execution
ACM Transactions on Information and System Security (TISSEC)
Towards practical avoidance of information leakage in enterprise networks
HotSec'11 Proceedings of the 6th USENIX conference on Hot topics in security
A study of android application security
SEC'11 Proceedings of the 20th USENIX conference on Security
Evaluation of a spyware detection system using thin client computing
ICISC'10 Proceedings of the 13th international conference on Information security and cryptology
A survey on automated dynamic malware-analysis techniques and tools
ACM Computing Surveys (CSUR)
"Andromaly": a behavioral malware detection framework for android devices
Journal of Intelligent Information Systems
VEE '12 Proceedings of the 8th ACM SIGPLAN/SIGOPS conference on Virtual Execution Environments
Minemu: the world's fastest taint tracker
RAID'11 Proceedings of the 14th international conference on Recent Advances in Intrusion Detection
iNetSec'11 Proceedings of the 2011 IFIP WG 11.4 international conference on Open Problems in Network Security
Challenges for dynamic analysis of iOS applications
iNetSec'11 Proceedings of the 2011 IFIP WG 11.4 international conference on Open Problems in Network Security
Representation-Independent data usage control
DPM'11 Proceedings of the 6th international conference, and 4th international conference on Data Privacy Management and Autonomous Spontaneus Security
Quantitative analysis for privacy leak software with privacy Petri net
Proceedings of the ACM SIGKDD Workshop on Intelligence and Security Informatics
Pinpointing malicious activities through network and system-level malware execution behavior
ICCSA'12 Proceedings of the 12th international conference on Computational Science and Its Applications - Volume Part IV
Security'12 Proceedings of the 21st USENIX conference on Security symposium
A software-hardware architecture for self-protecting data
Proceedings of the 2012 ACM conference on Computer and communications security
DTAM: dynamic taint analysis of multi-threaded programs for relevancy
Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering
Bait a trap: introducing natural killer cells to artificial immune system for spyware detection
ICARIS'12 Proceedings of the 11th international conference on Artificial Immune Systems
Down to the bare metal: using processor features for binary analysis
Proceedings of the 28th Annual Computer Security Applications Conference
Model-Based usage control policy derivation
ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems
iBinHunt: binary hunting with inter-procedural control flow
ICISC'12 Proceedings of the 15th international conference on Information Security and Cryptology
TaintDroid: an information flow tracking system for real-time privacy monitoring on smartphones
Communications of the ACM
PoMMaDe: pushdown model-checking for malware detection
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
Bridging the Semantic Gap in Virtual Machine Introspection via Online Kernel Data Redirection
ACM Transactions on Information and System Security (TISSEC)
Obfuscation resilient binary code reuse through trace-oriented programming
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
| Hi-index | 0.02 |
Spyware is a class of malicious code that is surreptitiously installed on victims' machines. Once active, it silently monitors the behavior of users, records their web surfing habits, and steals their passwords. Current anti-spyware tools operate in a way similar to traditional virus scanners. That is, they check unknown programs against signatures associated with known spyware instances. Unfortunately, these techniques cannot identify novel spyware, require frequent updates to signature databases, and are easy to evade by code obfuscation. In this paper, we present a novel dynamic analysis approach that precisely tracks the flow of sensitive information as it is processed by the web browser and any loaded browser helper objects. Using the results of our analysis, we can identify unknown components as spyware and provide comprehensive reports on their behavior. The techniques presented in this paper address limitations of our previouswork on spyware detection and significantly improve the quality and richness of our analysis. In particular, our approach allows a human analyst to observe the actual flows of sensitive data in the system. Based on this information, it is possible to precisely determine which sensitive data is accessed and where this data is sent to. To demonstrate the effectiveness of the detection and the comprehensiveness of the generated reports, we evaluated our system on a substantial body of spyware and benign samples.