• DocumentCode
    1806614
  • Title
    Siren: catching evasive malware
  • Author
    Borders, Kevin ; Zhao, Xin ; Prakash, Atul
  • Author_Institution
    Dept. of Electr. Eng. & Comput. Sci., Michigan Univ., Ann Arbor, MI
  • fYear
    2006
  • fDate
    21-24 May 2006
  • Lastpage
    85
  • Abstract
    With the growing popularity of anomaly detection systems, due in part to the rise in zero-day attacks, a new class of threats has evolved in which the attacker mimics legitimate activity to blend in and avoid detection. We propose a new system called Siren that injects crafted human input alongside legitimate user activity to thwart these mimicry attacks. The crafted input is specially designed to trigger a known sequence of network requests, which Siren compares to the actual traffic. It then flags unexpected messages as malicious. Using this method, we were able to detect ten spyware programs that we tested, many of which attempt to blend in with user activity. This paper presents the design, implementation, and evaluation of the Siren activity injection system, as well as a discussion of its potential limitations.
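    The comparison step the abstract describes, as an added illustration that is not the paper's code: a scripted injection whose expected requests are known in advance is matched against the traffic observed in the same window, and anything left over is flagged. The hosts, the injection script and the log lines are constructed for the example. The match compares the full request target (path plus query string), so a spyware message that piggybacks on an expected request by appending a parameter is still reported rather than absorbed; it also reports expected requests that never appeared, which would indicate the injection did not run as planned.

```python
# Added example of Siren-style activity injection checking (not the paper's implementation).
from collections import Counter
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Request:
    host: str
    method: str
    target: str  # path plus query string, kept whole so an added parameter is not accepted silently


# Constructed injection script: each injected "human" action and the requests it is known
# to trigger. Hostnames are hypothetical; the expected set would be learned by replaying the
# script on a clean machine.
INJECTED_SCRIPT: List[Tuple[str, List[Request]]] = [
    ("open homepage", [Request("www.example.com", "GET", "/")]),
    ("click news link", [Request("www.example.com", "GET", "/news"),
                         Request("static.example.com", "GET", "/css/news.css")]),
]

# Constructed traffic log for the injection window: "<timestamp> <host> <method> <target>".
# The last two lines are the kind of traffic a blending spyware program would emit.
OBSERVED_LOG = """\
2006-05-21T10:00:01 www.example.com GET /
2006-05-21T10:00:02 www.example.com GET /news
2006-05-21T10:00:02 static.example.com GET /css/news.css
2006-05-21T10:00:03 www.example.com GET /news?uid=8813
2006-05-21T10:00:04 stats.tracker.invalid POST /collect
"""


def parse_log(text: str) -> List[Request]:
    """Parse the constructed log format into Request records, in observed order."""
    requests = []
    for line in text.splitlines():
        if not line.strip():
            continue
        _timestamp, host, method, target = line.split(maxsplit=3)
        requests.append(Request(host, method, target))
    return requests


def expected_requests(script: List[Tuple[str, List[Request]]]) -> Counter:
    """Multiset of requests the injected script is known to trigger."""
    expected: Counter = Counter()
    for _action, reqs in script:
        expected.update(reqs)
    return expected


def compare(expected: Counter, observed: List[Request]) -> Tuple[List[Request], List[Request]]:
    """Return (unexpected, missing).

    Each observed request consumes one copy of a matching expected request; whatever is
    observed but not expected is unexpected (flagged), whatever is expected but never
    observed is missing. Order is deliberately ignored here: browsers fetch sub-resources
    concurrently, so a strict sequence match would raise false alarms.
    """
    remaining = Counter(expected)
    unexpected = []
    for req in observed:
        if remaining[req] > 0:
            remaining[req] -= 1
        else:
            unexpected.append(req)
    missing = list(remaining.elements())
    return unexpected, missing


def run_check() -> Tuple[List[Request], List[Request]]:
    """Run the comparison over the constructed script and log."""
    return compare(expected_requests(INJECTED_SCRIPT), parse_log(OBSERVED_LOG))


if __name__ == "__main__":
    flagged, absent = run_check()
    for req in flagged:
        print(f"UNEXPECTED {req.method} {req.host}{req.target}")
    for req in absent:
        print(f"MISSING    {req.method} {req.host}{req.target}")
```

    One caveat the example makes visible: any request a real user issues during the injection window would also land in the unexpected list, so the expected set must be built for a window in which only the injected input drives the browser, or it must be widened to cover the user's own activity; that trade-off is the practical limit of the approach.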
  • Keywords
    security of data; Siren activity injection system; anomaly detection systems; evasive malware; mimicry attacks; spyware programs; zero-day attacks; Collaborative software; Computer hacking; Delay; Humans; Information security; Internet; Intrusion detection; Telecommunication traffic; Testing; Virtual machining;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Security and Privacy, 2006 IEEE Symposium on
  • Conference_Location
    Berkeley/Oakland, CA
  • ISSN
    1081-6011
  • Print_ISBN
    0-7695-2574-1
  • Type
    conf
  • DOI
    10.1109/SP.2006.37
  • Filename
    1624002