Learning to detect spyware using end user license agreements
Blekinge Institute of Technology, School of Computing2011 (English)In: Knowledge and Information Systems, ISSN 0219-1377, Vol. 26, no 2, 285-307 p.Article in journal (Refereed) PublishedAlternative title
Detektion av spionprogram genom inlärning av slutanvändarlicenser (Swedish)
The amount of software that hosts spyware has increased dramatically. To avoid legal repercussions, the vendors need to inform users about inclusion of spyware via end user license agreements (EULAs) during the installation of an application. However, this information is intentionally written in a way that is hard for users to comprehend. We investigate how to automatically discriminate between legitimate software and spyware associated software by mining EULAs. For this purpose, we compile a data set consisting of 996 EULAs out of which 9.6% are associated to spyware. We compare the performance of 17 learning algorithms with that of a baseline algorithm on two data sets based on a bag-of-words and a meta data model. The majority of learning algorithms significantly outperform the baseline regardless of which data representation is used. However, a non-parametric test indicates that bag-of-words is more suitable than the meta model. Our conclusion is that automatic EULA classification can be applied to assist users in making informed decisions about whether to install an application without having read the EULA. We therefore outline the design of a spyware prevention tool and suggest how to select suitable learning algorithms for the tool by using a multi-criteria evaluation approach.
Place, publisher, year, edition, pages
Springer London , 2011. Vol. 26, no 2, 285-307 p.
End user license agreement, Document classification, Spyware
IdentifiersURN: urn:nbn:se:bth-7212DOI: 10.1007/s10115-009-0278-zISI: 000286211500005Local ID: oai:bth.se:forskinfoB202672BD62D6131C12576BB004218E0OAI: oai:DiVA.org:bth-7212DiVA: diva2:834794