SpyProxy: execution-based detection of malicious web content
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Behavioral detection of malware on mobile handsets
Proceedings of the 6th international conference on Mobile systems, applications, and services
Containment of network worms via per-process rate-limiting
Proceedings of the 4th international conference on Security and privacy in communication networks
Automated Spyware Collection and Analysis
ISC '09 Proceedings of the 12th International Conference on Information Security
SpyShield: preserving privacy from spy add-ons
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Effective and efficient malware detection at the end host
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Supporting velocity of investigation with behavior analysis of malware
Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research
We present NetSpy, a tool to automatically generate network-level signatures for spyware. NetSpy determines whether an untrusted program is spyware by correlating user input with network traffic generated by the untrusted program. If classified as spyware, NetSpy also generates a signature characterizing the malicious substrate of the spyware's network behavior. Such a signature can be used by network intrusion detection systems to detect spyware installations in large networks. In our experiments, NetSpy precisely identified each of the 7 spyware programs that we considered and generated network-level signatures for them. Of the 9 supposedly-benign programs that we considered, NetSpy correctly characterized 6 of them as benign. The remaining 3 programs showed network behavior that was highly suggestive of spying activity.