Name
Abstract | ||
|---|---|---|
We present NetSpy, a tool to automatically generate network-level signatures for spyware. NetSpy determines whether an untrusted program is spyware by correlating user input with network traffic generated by the untrusted program. If classified as spyware, NetSpy also generates a signature characterizing the malicious substrate of the spyware's network behavior. Such a signature can be used by network intrusion detection systems to detect spyware installations in large networks. In our experiments, NetSpy precisely identified each of the 7 spyware programs that we considered and generated network-level signatures for them. Of the 9 supposedly-benign programs that we considered, NetSpy correctly characterized 6 of them as benign. The remaining 3 programs showed network behavior that was highly suggestive of spying activity. |
Year | DOI | Venue |
|---|---|---|
2006 | 10.1109/ACSAC.2006.34 | ACSAC |
Keywords | Field | DocType |
spyware signatures,automatic generation,correlating user input,network intrusion detection system,spyware installation,network traffic,untrusted program,network behavior,supposedly-benign program,spyware program,large network,network-level signature,digital signatures | Large networks,Network intrusion detection,Computer security,Computer science,Digital signature,Network behavior | Conference |
ISSN | ISBN | Citations |
1063-9527 | 0-7695-2716-7 | 13 |
PageRank | References | Authors |
1.27 | 8 | 3 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Hao Wang | 1 | 239 | 18.42 |
| S. Jha | 2 | 7921 | 539.19 |
| Vinod Ganapathy | 3 | 713 | 42.69 |