SpyCon: Emulating User Activities to Detect Evasive Spyware

8 years 11 months ago
SpyCon: Emulating User Activities to Detect Evasive Spyware
The success of any spyware is determined by its ability to evade detection. Although traditional detection methodologies employing signature and anomaly based systems have had reasonable success, new class of spyware programs emerge which blend in with user activities to avoid detection. One of the latest antispyware technologies consists of a local agent that generates honeytokens of known parameters (e.g., network access requests) and tricks spyware into assuming it to be legitimate activity. In this paper, as a first step, we address the deficiencies of static honeytoken generation and present an attack that circumvents such detection techniques. We synthesize the attack by means of data mining algorithms like associative rule mining. Next, we present a randomized honeytoken generation mechanism to address this new class of spyware. Experimental results show that (i) static honeytokens are detected with near 100% accuracy, thereby defeating the state-of-the-art anti-spyware techniq...
Madhusudhanan Chandrasekaran, Vidyaraman Vidyarama
Added 03 Jun 2010
Updated 03 Jun 2010
Type Conference
Year 2007
Authors Madhusudhanan Chandrasekaran, Vidyaraman Vidyaraman, Shambhu J. Upadhyaya
Comments (0)