Detection of Spyware by Mining Executable Files
| Document type: | Conference Papers |
|---|---|
| Peer reviewed: | Yes |
| Full text: | |
| Author(s): | Raja Khurram Shahzad, Syed Imran Haider, Niklas Lavesson |
| Title: | Detection of Spyware by Mining Executable Files |
| Conference name: | The Fifth International Conference on Availability, Reliability and Security (ARES 2010) |
| Year: | 2010 |
| Pagination: | 295-302 |
| Publisher: | IEEE Computer Society |
| City: | Krakow |
| URI/DOI: | 10.1109/ARES.2010.105 |
| ISI number: | 000278197800042 |
| Organization: | Blekinge Institute of Technology |
| Department: | School of Computing (Sektionen för datavetenskap och kommunikation) School of Computing S-371 79 Karlskrona +46 455 38 50 00 http://www.bth.se/com |
| Authors e-mail: | rks@bth.se, imran.s.haider@capgemini.com, nla@bth.se |
| Language: | English |
| Abstract: | Spyware represents a serious threat to confidentiality since it may result in loss of control over private data for computer users. This type of software might collect the data and send it to a third party without informed user consent. Traditionally two approaches have been presented for the purpose of spyware detection: Signature-based Detection and Heuristic-based Detection. These approaches perform well against known Spyware but have not been proven to be successful at detecting new spyware. This paper presents a Spyware detection approach by using Data Mining (DM) technologies. Our approach is inspired by DM-based malicious code detectors, which are known to work well for detecting viruses and similar software. However, this type of detector has not been investigated in terms of how well it is able to detect spyware. We extract binary features, called n-grams, from both spyware and legitimate software and apply five different supervised learning algorithms to train classifiers that are able to classify unknown binaries by analyzing extracted n-grams. The experimental results suggest that our method is successful even when the training data is scarce. |
| Subject: | Computer Science\Artificial Intelligence Computer Science\Electronic security |
| Keywords: | Spyware Detection, Data Mining, Malicious Code, Feature Extraction |
