Title :
NetSpy: Automatic Generation of Spyware Signatures for NIDS
Author :
Wang, Hao ; Jha, Somesh ; Ganapathy, Vinod
Author_Institution :
Dept. of Comput. Sci., Wisconsin-Madison Univ., Madison, WI
Abstract :
We present NetSpy, a tool to automatically generate network-level signatures for spyware. NetSpy determines whether an untrusted program is spyware by correlating user input with network traffic generated by the untrusted program. If classified as spyware, NetSpy also generates a signature characterizing the malicious substrate of the spyware´s network behavior. Such a signature can be used by network intrusion detection systems to detect spyware installations in large networks. In our experiments, NetSpy precisely identified each of the 7 spyware programs that we considered and generated network-level signatures for them. Of the 9 supposedly-benign programs that we considered, NetSpy correctly characterized 6 of them as benign. The remaining 3 programs showed network behavior that was highly suggestive of spying activity
Keywords :
digital signatures; invasive software; NetSpy; network intrusion detection systems; spyware signatures; untrusted program; Character generation; Computer networks; Computerized monitoring; Detectors; Hemorrhaging; Intrusion detection; Network servers; Privacy; Telecommunication traffic; Uniform resource locators;
Conference_Titel :
Computer Security Applications Conference, 2006. ACSAC '06. 22nd Annual
Conference_Location :
Miami Beach, FL
Print_ISBN :
0-7695-2716-7
DOI :
10.1109/ACSAC.2006.34
