Siren: Catching Evasive Malware (Short Paper)

13 years 10 months ago
Siren: Catching Evasive Malware (Short Paper)
With the growing popularity of anomaly detection systems, which is due partly to the rise in zero-day attacks, a new class of threats have evolved where the attacker mimics legitimate activity to blend in and avoid detection. We propose a new system called Siren that injects crafted human input alongside legitimate user activity to thwart these mimicry attacks. The crafted input is specially designed to trigger a known sequence of network requests, which Siren compares to the actual traffic. It then flags unexpected messages as malicious. Using this method, we were able to detect ten spyware programs that we tested, many of which attempt to blend in with user activity. This paper presents the design, implementation, and evaluation of the Siren activity injection system, as well as a discussion of its potential limitations.
Kevin Borders, Xin Zhao, Atul Prakash
Added 12 Jun 2010
Updated 12 Jun 2010
Type Conference
Year 2006
Where SP
Authors Kevin Borders, Xin Zhao, Atul Prakash
Comments (0)