Detection of Spyware by Mining Executable Files

Shahzad, Raja Khurram; Haider, Syed Imran; Lavesson, Niklas

doi:10.1109/ares.2010.105

Cited by 29 publications

(7 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This time, researchers applied Bagging and were successful in achieving 96 per cent accuracy [15]. In an attempt to detect spyware, n-grams of hexadecimal representation were used as features [16]. This attempt was successful in obtaining 90.5 per cent accuracy.…”

Section: Related Workmentioning

confidence: 99%

Accurate Adware Detection Using Opcode Sequence Extraction

Shahzad

Lavesson

Johnson

2011

2011 Sixth International Conference on Availability, Reliability and Security

Self Cite

View full text Add to dashboard Cite

Section: Related Workmentioning

confidence: 99%

Accurate Adware Detection Using Opcode Sequence Extraction

Shahzad

Lavesson

Johnson

2011

2011 Sixth International Conference on Availability, Reliability and Security

Self Cite

View full text Add to dashboard Cite

“…MalPEFinder now provides a file attributes vector, including hash, name, and size of files, to complete the file matching; these file attributes can be extracted from PEFs conveniently and shorten the response time for malware attacks. Meanwhile, some malware file attributes found in the research can be quickly added to the vector structure to increase the detection rate of MalPEFinder.…”

Section: Discussionmentioning

confidence: 99%

MalPEFinder: fast and retrospective assessment of data breaches in malware attacks

Liu¹,

Chen

2011

Security Comm Networks

View full text Add to dashboard Cite

A successful data breach is often caused by malware installed by attackers. In a large-scale computer environment, it is difficult and costly for information technology managers to identify the victims and to assess the scope of the data breach when a malware attack occurs. Therefore, a quick and retrospective mechanism that can find victims is required. One such technology is Search. However, most search techniques are not designed for searching executable files; indeed, they become worse in identifying malware files because of polymorphism and/or metamorphism.In this paper, we propose a portable executable format file search mechanism, called MalPEFinder. Instead of searching malware files, this mechanism searches the malware-related files retrospectively. Based on these files and their ownership, MalPEFinder can locate malware files on a large scale quickly. Furthermore, the possibly breached files also can be identified. A MalPEFinder prototype has been implemented on the HADOOP platform in order to perform three functions: (i) searching retrospectively; (ii) protecting evidence against tampering; and (iii) dealing with future data growth. We used 72 malware to evaluate the accuracy and efficiency of our system. The experimental results show that MalPEFinder has a higher detection rate as well as a lower false positive rate than the famous SPLUNK tool.

show abstract

“…Spyware can be defined as software that gathers information about a person or organisation without their consent or knowledge and sends it to another entity [28]. The software is designed for secrecy and durability.…”

Section: Context and Motivationmentioning

confidence: 99%

“…Spyware is usually organised in multiple modules, each performing one or more malicious activities, with the ability to use them according to the attacker's purpose [3]. Typical spyware modules include keystroke logging, screen logging, URL monitoring, turning on the microphone or camera, intercepting sensitive documents and exfiltrating them and collecting location information [28].…”

Section: Context and Motivationmentioning

confidence: 99%

A Novel Behavioural Screenlogger Detection System

Sbai

Happa

Goldsmith

2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Among the various types of spyware, screenloggers are distinguished by their ability to capture screenshots. This gives them considerable nuisance capacity, giving rise to theft of sensitive data or, failing that, to serious invasions of the privacy of users. Several examples of attacks relying on this screen capture feature have been documented in recent years. Moreover, on desktop environments, taking screenshots is a legitimate functionality used by many benign applications, which makes screenlogging activities particularly stealthy. However, existing malware detection approaches are not adapted to screenlogger detection due to the composition of their datasets and the way samples are executed. In this paper, we propose the first dynamic detection approach based on a dataset of screenloggers and legitimate screenshot-taking applications (built in a previous work), with a particular care given to the screenshot functionality during samples execution. We also propose a tailored detection approach based on novel features specific to screenloggers. This last approach yields better results than an approach using traditional API call and network features trained on the same dataset (minimum increase of 3.108% in accuracy).

show abstract

Detection of Spyware by Mining Executable Files

Cited by 29 publications

References 22 publications

Accurate Adware Detection Using Opcode Sequence Extraction

Accurate Adware Detection Using Opcode Sequence Extraction

MalPEFinder: fast and retrospective assessment of data breaches in malware attacks

A Novel Behavioural Screenlogger Detection System

Contact Info

Product

Resources

About