STRIDER: A Black-box, State-based Approach to Change and Configuration Management and Support
LISA '03 Proceedings of the 17th USENIX conference on System administration
Towards a Self-Managing Software Patching Process Using Black-Box Persistent-State Manifests
ICAC '04 Proceedings of the First International Conference on Autonomic Computing
Measurement and analysis of spywave in a university environment
NSDI'04 Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation - Volume 1
Fast user-mode rootkit scanner for the enterprise
LISA '05 Proceedings of the 19th conference on Large Installation System Administration Conference - Volume 19
Flight data recorder: monitoring persistent-state interactions to improve systems management
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
Panorama: capturing system-wide information flow for malware detection and analysis
Proceedings of the 14th ACM conference on Computer and communications security
Applications of a feather-weight virtual machine
Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
SpyProxy: execution-based detection of malicious web content
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
ATC'07 2007 USENIX Annual Technical Conference on Proceedings of the USENIX Annual Technical Conference
SpySaver: using incentives to address spyware
Proceedings of the 3rd international workshop on Economics of networked systems
Malyzer: Defeating Anti-detection for Application-Level Malware Analysis
ACNS '09 Proceedings of the 7th International Conference on Applied Cryptography and Network Security
Automated Spyware Collection and Analysis
ISC '09 Proceedings of the 12th International Conference on Information Security
Preventing drive-by download via inter-module communication monitoring
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
A forced sampled execution approach to kernel rootkit identification
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
SpyShield: preserving privacy from spy add-ons
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Countering automated exploits with system security CAPTCHAS
Proceedings of the 13th international conference on Security protocols
Safe side effects commitment for OS-level virtualization
Proceedings of the 8th ACM international conference on Autonomic computing
A survey on automated dynamic malware-analysis techniques and tools
ACM Computing Surveys (CSUR)
Using purpose capturing signatures to defeat computer virus mutating
ISPEC'10 Proceedings of the 6th international conference on Information Security Practice and Experience
Holography: a behavior-based profiler for malware analysis
Software—Practice & Experience
Bait a trap: introducing natural killer cells to artificial immune system for spyware detection
ICARIS'12 Proceedings of the 11th international conference on Artificial Immune Systems
Lines of malicious code: insights into the malicious software industry
Proceedings of the 28th Annual Computer Security Applications Conference
| Hi-index | 0.00 |
Spyware is a rapidly spreading problem for PC users causing significant impact on system stability and privacy concerns. It attaches to extensibility points in the system to ensure the spyware will be instantiated when the system starts. Users may willingly install free versions of software containing spyware as an alternative to paying for it. Traditional anti-virus techniques are less effective in this scenario because they lack the context to decide if the spyware should be removed.In this paper, we introduce Auto-Start Extensibility Points (ASEPs) as the key concept for modeling the spyware problem. By monitoring and grouping "hooking" operations made to the ASEPs, our Gatekeeper solution complements the traditional signature-based approach and provides a comprehensive framework for spyware management. We present ASEP hooking statistics for 120 real-world spyware programs. We also describe several techniques for discovering new ASEPs to further enhance the effectiveness of our solution.