Crimeware swindling without virtual machines

Authors:
Vasilis Pappas;Brian M. Bowen;Angelos D. Keromytis
Affiliations:
Department of Computer Science, Columbia University;Department of Computer Science, Columbia University;Department of Computer Science, Columbia University
Venue:
ISC'10 Proceedings of the 13th international conference on Information security
Year:
2010

Citing 3
Cited 1

Siren: Catching Evasive Malware (Short Paper)

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
BotSwindler: tamper resistant injection of believable decoys in VM-based hosts for crimeware detection

RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Evaluation of a spyware detection system using thin client computing

ICISC'10 Proceedings of the 13th international conference on Information security and cryptology

Evaluation of a spyware detection system using thin client computing

ICISC'10 Proceedings of the 13th international conference on Information security and cryptology

Quantified Score

Hi-index	0.00

Visualization

Abstract

In previous work, we introduced a bait-injection system designed to delude and detect crimeware by forcing it to reveal itself during the exploitation of captured information. Although effective as a technique, our original system was practically limited, as it was implemented in a personal VM environment. In this paper, we investigate how to extend our system by applying it to personal workstation environments. Adapting our system to such a different environment reveals a number of challenging issues, such as scalability, portability, and choice of physical communication means. We provide implementation details and we evaluate the effectiveness of our new architecture.