Detection of Spyware by Mining Executable Files
Blekinge Institute of Technology, School of Computing2010 (English)Conference paper (Refereed) Published
Spyware represents a serious threat to confidentiality since it may result in loss of control over private data for computer users. This type of software might collect the data and send it to a third party without informed user consent. Traditionally two approaches have been presented for the purpose of spyware detection: Signature-based Detection and Heuristic-based Detection. These approaches perform well against known Spyware but have not been proven to be successful at detecting new spyware. This paper presents a Spyware detection approach by using Data Mining (DM) technologies. Our approach is inspired by DM-based malicious code detectors, which are known to work well for detecting viruses and similar software. However, this type of detector has not been investigated in terms of how well it is able to detect spyware. We extract binary features, called n-grams, from both spyware and legitimate software and apply five different supervised learning algorithms to train classifiers that are able to classify unknown binaries by analyzing extracted n-grams. The experimental results suggest that our method is successful even when the training data is scarce.
Place, publisher, year, edition, pages
Krakow: IEEE Computer Society , 2010.
Spyware Detection, Data Mining, Malicious Code, Feature Extraction
IdentifiersURN: urn:nbn:se:bth-7837DOI: 10.1109/ARES.2010.105ISI: 000278197800042Local ID: oai:bth.se:forskinfo22AC5EFE2DB008C0C12576EC0066347AOAI: oai:DiVA.org:bth-7837DiVA: diva2:835504
The Fifth International Conference on Availability, Reliability and Security (ARES 2010)