Sciweavers

Share
SEC
2008

HoneyID : Unveiling Hidden Spywares by Generating Bogus Events

10 years 5 months ago
HoneyID : Unveiling Hidden Spywares by Generating Bogus Events
A particular type of spyware which uses the user's events covertly, such as keyloggers and password stealers, has become a big threat to Internet users. Due to the prevalence of spywares, the user's private information can easily be exposed to an attacker. Conventional anti-spyware programs have used signatures to defend against spywares. Unfortunately, this mechanism cannot detect unknown spywares. In this paper, we propose a spyware detection mechanism, called HoneyID, which can detect unknown spywares using an enticement strategy. HoneyID generates bogus events to trigger the spyware's actions and then detects hidden spywares among running processes which operate abnormally. We implemented the HoneyID mechanism as a windows based, and evaluated it's effectiveness against 6 different known spywares(3 keyloggers and 3 ftp password sniffers). From this study, we show that the HoneyID can be effective to detect unknown spywares with high accuracy.
Jeheon Han, Jonghoon Kwon, Heejo Lee
Added 30 Oct 2010
Updated 30 Oct 2010
Type Conference
Year 2008
Where SEC
Authors Jeheon Han, Jonghoon Kwon, Heejo Lee
Comments (0)
books