Paper Info
Title
Design and implementation of an extrusion-based break-in detector for personal computers
Abstract
An increasing variety of malware, such as worms, spyware and adware, threatens both personal and business computing. Remotely controlled bot networks of compromised systems are growing quickly. In this paper, we tackle the problem of automated detection of break-ins caused by unknown malware targeting personal computers. We develop a host based system, BINDER (Break-IN DEtectoR), to detect break-ins by capturing user unintended malicious outbound connections (referred to as extrusions). To infer user intent, BINDER correlates outbound connections with user-driven input at the process level under the assumption that user intent is implied by user-driven input. Thus BINDER can detect a large class of unknown malware such as worms, spyware and adware without requiring signatures. We have successfully used BINDER to detect real world spyware on daily used computers and email worms on a controlled testbed with very small false positives
Year
DOI
Venue
2005
10.1109/CSAC.2005.19
ACSAC
Keywords
Field
DocType
microcomputers,new google,invasive software,binder,host based system,extrusion-based break-in detector,load alert2,spyware,adware,function loadalert,load alert,function testthis,personal computers function settab,email worms,automated detection,function drawchart,bot networks,malicious outbound connections,function letemknow,var data,malware,function loadalert2,personal computers,false positive
Computer science,Computer security,Testbed,User intent,Malware,Detector,Adware,False positive paradox
Conference
ISSN
ISBN
Citations 
1063-9527
0-7695-2461-3
19
PageRank 
References 
Authors
1.25
14
3
Name
Order
Citations
PageRank
Weidong Cui1118056.04
Randy H. Katz2168193018.89
Wai-tian Tan367278.92