Temporal search: detecting hidden malware timebombs with virtual machines
Proceedings of the 12th international conference on Architectural support for programming languages and operating systems
A Smart Fuzzer for x86 Executables
SESS '07 Proceedings of the Third International Workshop on Software Engineering for Secure Systems
SpyProxy: execution-based detection of malicious web content
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
ATC'07 2007 USENIX Annual Technical Conference on Proceedings of the USENIX Annual Technical Conference
Behavioral detection of malware on mobile handsets
Proceedings of the 6th international conference on Mobile systems, applications, and services
Characterizing Bots' Remote Control Behavior
DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Learning and Classification of Malware Behavior
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
A Layered Architecture for Detecting Malicious Behaviors
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Containment of network worms via per-process rate-limiting
Proceedings of the 4th international conference on Security and privacy in communication netowrks
Eureka: A Framework for Enabling Static Malware Analysis
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Defending Browsers against Drive-by Downloads: Mitigating Heap-Spraying Code Injection Attacks
DIMVA '09 Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
The user is not the enemy: fighting malware by tracking user intentions
Proceedings of the 2008 workshop on New security paradigms
Automated Spyware Collection and Analysis
ISC '09 Proceedings of the 12th International Conference on Information Security
Battle of Botcraft: fighting bots in online games with human observational proofs
Proceedings of the 16th ACM conference on Computer and communications security
Behavior based software theft detection
Proceedings of the 16th ACM conference on Computer and communications security
pBMDS: a behavior-based malware detection system for cellphone devices
Proceedings of the third ACM conference on Wireless network security
A forced sampled execution approach to kernel rootkit identification
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
SpyShield: preserving privacy from spy add-ons
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
PROBE: a process behavior-based host intrusion prevention system
ISPEC'08 Proceedings of the 4th international conference on Information security practice and experience
Malware in IEEE 802.11 wireless networks
PAM'08 Proceedings of the 9th international conference on Passive and active network measurement
Learning more about the underground economy: a case-study of keyloggers and dropzones
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
An automatic HTTP cookie management system
Computer Networks: The International Journal of Computer and Telecommunications Networking
Behavioral clustering of HTTP-based malware and signature generation using malicious network traces
NSDI'10 Proceedings of the 7th USENIX conference on Networked systems design and implementation
Effective and efficient malware detection at the end host
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
AccessMiner: using system-centric models for malware protection
Proceedings of the 17th ACM conference on Computer and communications security
Bait your hook: a novel detection technique for keyloggers
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Misleading malware similarities analysis by automatic data structure obfuscation
ISC'10 Proceedings of the 13th international conference on Information security
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Deriving common malware behavior through graph clustering
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Inoculation against malware infection using kernel-level software sensors
Proceedings of the 8th ACM international conference on Autonomic computing
Safe side effects commitment for OS-level virtualization
Proceedings of the 8th ACM international conference on Autonomic computing
Virtual machine monitor-based lightweight intrusion detection
ACM SIGOPS Operating Systems Review
A study of android application security
SEC'11 Proceedings of the 20th USENIX conference on Security
A survey on automated dynamic malware-analysis techniques and tools
ACM Computing Surveys (CSUR)
KLIMAX: profiling memory write patterns to detect keystroke-harvesting malware
RAID'11 Proceedings of the 14th international conference on Recent Advances in Intrusion Detection
Shadow attacks: automatically evading system-call-behavior based malware detection
Journal in Computer Virology
A quantitative study of accuracy in system call-based malware detection
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Impeding automated malware analysis with environment-sensitive malware
HotSec'12 Proceedings of the 7th USENIX conference on Hot Topics in Security
PeerPress: utilizing enemies' P2P strength against them
Proceedings of the 2012 ACM conference on Computer and communications security
Detecting and analyzing insecure component usage
Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering
Bait a trap: introducing natural killer cells to artificial immune system for spyware detection
ICARIS'12 Proceedings of the 11th international conference on Artificial Immune Systems
Information Sciences: an International Journal
Using file relationships in malware classification
DIMVA'12 Proceedings of the 9th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Securing legacy firefox extensions with SENTINEL
DIMVA'13 Proceedings of the 10th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
CloRExPa: Cloud resilience via execution path analysis
Future Generation Computer Systems
| Hi-index | 0.00 |
Spyware is rapidly becoming a major security issue. Spyware programs are surreptitiously installed on a user's workstation to monitor his/her actions and gather private information about a user's behavior. Current antispyware tools operate in a way similar to traditional antivirus tools, where signatures associated with known spyware programs are checked against newly-installed applications. Unfortunately, these techniques are very easy to evade by using simple obfuscation transformations. This paper presents a novel technique for spyware detection that is based on the characterization of spywarelike behavior. The technique is tailored to a popular class of spyware applications that use Internet Explorer's Browser Helper Object (BHO) and toolbar interfaces to monitor a user's browsing behavior. Our technique uses a composition of static and dynamic analysis to determine whether the behavior of BHOs and toolbars in response to simulated browser events should be considered malicious. The evaluation of our technique on a representative set of spyware samples show that it is possible to reliably identify malicious components using an abstract behavioral characterization.