Automated Spyware Detection Using End User License Agreements

Document type: Conference Papers
Peer reviewed: Yes
Full text:
Author(s): Martin Boldt, Andreas Jacobsson, Niklas Lavesson, Paul Davidsson
Title: Automated Spyware Detection Using End User License Agreements
Translated title: Automatisk detektion av spyware genom klassificering av slutanvändarlicenser
Conference name: 2nd International Conference on Information Security and Assurance
Year: 2008
Publisher: IEEE
City: Busan, Korea
ISI number: 000256051100085
Organization: Blekinge Institute of Technology
Department: School of Engineering - Dept. of Systems and Software Engineering (Sektionen för teknik – avd. för programvarusystem)
School of Engineering S- 372 25 Ronneby
+46 455 38 50 00
http://www.tek.bth.se/
Authors e-mail: martin.boldt@bth.se, andreas.jacobsson@bth.se, niklas.lavesson@bth.se, paul.davidsson@bth.se
Language: English
Abstract: The amount of spyware increases rapidly over the Internet and it is usually hard for the average user to know if a software application hosts spyware. This paper investigates the hypothesis that it is possible to detect from the End User License Agreement (EULA) whether its associated software hosts spyware or not. We generated a data set by collecting 100 applications with EULAs and classifying each EULA as either good or bad. An experiment was conducted, in which 15 popular default-configured mining algorithms were applied on the data set. The results show that 13 algorithms are significantly better than random guessing, thus we conclude that the hypothesis can be accepted. Moreover, 2 algorithms also perform significantly better than the current state-of-the-art EULA analysis method. Based on these results, we present a novel tool that can be used to prevent the installation of spyware.
Summary in Swedish: Spridandet av spyware har ökat dramatiskt och det är ofta svårt för användaren att veta om spyware kommer att installeras samtidigt som en nedladdat applikation skall installeras. Den här studien undersöker om det är möjligt att avgöra om en applikation innehåller spyware genom att applicera data mining tekniker på applikationens slutanvändarlicens.
Subject: Computer Science\Artificial Intelligence
Keywords: eula, classification, data mining, supervised learning
Note: Copyright © 2008 IEEE. Reprinted from the proceedings of the 2nd International Conference on Information Security and Assurance . This material is posted here with permission of the IEEE. Such permission of the IEEE does not in any way imply IEEE endorsement of any of BTH's products or services Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by sending a blank email message to pubs-permissions@ieee.org. By choosing to view this document, you agree to all provisions of the copyright laws protecting it.
Edit