Title :
Detection of Spyware by Mining Executable Files
Author :
Shahzad, R.K. ; Haider, Syed Imran ; Lavesson, Niklas
Author_Institution :
Sch. of Comput., Blekinge Inst. of Technol., Ronneby, Sweden
Abstract :
Spyware represents a serious threat to confidentiality since it may result in loss of control over private data for computer users. This type of software might collect the data and send it to a third party without informed user consent. Traditionally two approaches have been presented for the purpose of spyware detection: Signature-based Detection and Heuristic-based Detection. These approaches perform well against known Spyware but have not been proven to be successful at detecting new spyware. This paper presents a Spyware detection approach by using Data Mining (DM)technologies. Our approach is inspired by DM-based malicious code detectors, which are known to work well for detecting viruses and similar software. However, this type of detector has not been investigated in terms of how well it is able to detect spyware. We extract binary features, called n-grams, from both spyware and legitimate software and apply five different supervised learning algorithms to train classifiers that are able to classify unknown binaries by analyzing extracted n-grams. The experimental results suggest that our method is successful even when the training data is scarce.
Keywords :
data mining; invasive software; DM-based malicious code detectors; data mining; executable files mining; feature extraction; heuristic-based detection; n-grams feature; signature-based detection; spyware detection; Application software; Availability; Computer displays; Computer viruses; Data mining; Detectors; Feature extraction; Software performance; Software systems; Viruses (medical); Data Mining; Feature Extraction; Malicious Code; Spyware Detection;
Conference_Titel :
Availability, Reliability, and Security, 2010. ARES '10 International Conference on
Conference_Location :
Krakow
Print_ISBN :
978-1-4244-5879-0
DOI :
10.1109/ARES.2010.105
