Detection of spyware by mining executable files

ARES 2010 - 5th International Conference on Availability, Reliability, and Security

Volumn , Issue , 2010, Pages 295-302

  Shazhad, Raja Khurram ^a   Haider, Syed Imran ^b   Lavesson, Niklas ^a  

^a BLEKINGE INSTITUTE OF TECHNOLOGY   (Sweden)

^b Custom Software Development South   (Sweden)

Author keywords

Data Mining; Feature extraction; Malicious code; Spyware detection

Indexed keywords

BINARY FEATURES; COMPUTER USERS; EXECUTABLE FILES; LOSS OF CONTROL; MALICIOUS CODES; N-GRAMS; PRIVATE DATA; SPY-WARE; SPYWARE DETECTION; THIRD PARTIES; TRAINING DATA;

COMPUTER SOFTWARE; DATA MINING; FEATURE EXTRACTION; LEARNING ALGORITHMS; VIRUSES;

DETECTORS;

EID: 77952339517     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ARES.2010.105     Document Type: Conference Paper

References (30)

1. M. Boldt and B. Carlsson, "Privacy-invasive software and preventive mechanisms," 2nd International Conference on Systems and Networks Communications, (ICSNC 2006), Oct. 28- Nov.2, IEEE Computer Society.
2. M. Wu, Y. Huang, S. Kuo, "Examining Web-based spyware invasion with stateful behavior monitoring," 13th Pacific Rim International Symposium on Dependable Computing (PRDC '07), 17-19 Dec. Piscataway, NJ, USA: IEEE, pp. 275-81.
3. R. Sandhu, "Lattice-based access control models," Computer, vol. 26, Nov. 1993, pp. 9-19.
4. R. Stern, "FTC cracks down on spyware and PC hijacking, but not true lies," Micro, vol. 25, 2005, pp. 100-101.
5. rd International Conference on Information and Communication Technologies: from Theory to Applications, (ICTTA), 2008, pp. 1-5.
6. Spyware, us-cert.gov/reading-room/Spywarehome-0905.pdf [accessed 2009-05-18].
7. T. Bollinger, "Software in the year 2010," IT Professional, vol. 6, 2004, pp. 11-15.
8. H. Qing and T. Dinev, "Is spyware an internet nuisance or public menace?" Communications of the ACM, vol. 48, 2005, pp. 61-66.
9. W. Ames, "Understanding spyware: Risk and response," IT Professional, vol. 6, 2004, pp. 25-29
10. C. D. Bozagac, "Application of Data Mining based Malicious Code Detection Techniques for Detecting new Spyware", White paper, Bilkent University, 2005.
11. M. Wu, Y. Huang, Y. Wang, and S. Kuo, "A stateful approach to spyware detection and removal," 12th Pacific Rim International Symposium on Dependable Computing, (PRDC 2006), 18-20 Dec. Los Alamitos, CA, USA: IEEE Computer Society, pp. 173-182.
12. M. Schultz, E. Eskin, F. Zadok, and S. Stolfo, "Data mining methods for detection of new malicious executables," Proceedings of IEEE Symposium on Security and Privacy, 14-16 May 2001, Los Alamitos, CA, USA: IEEE Computer Society, pp. 38-49.
13. Zone Alarm, Press Release 2000, http://www.zonealarm.com [accessed 2009-05-14].
14. I.H. Witten, E. Frank, Data Mining: Practical Machine Learning Tools and Techniques, 2nd ed. Morgan Kaufmann, 2005.
15. W. Cohen, "Fast effective rule induction," Proc. 12th International Conference on Machine Learning, pp. 115-23, San Francisco, CA: Morgan Kaufmann Publishers, 1995.
16. O. Henchiri and N. Japkowicz, "A feature selection and evaluation scheme for computer virus detection," 6th International Conference on Data Mining (ICDM'06), 18-22 Dec., Piscataway, NJ, USA: IEEE, pp. 918-922.
17. R. Moskovitch, C. Feher, N. Tzachar, E. Berger, M. Gitelman, S. Dolev, and Y. Elovici, "Unknown malcode detection using OPCODE representation," 1st European Conference on Intelligence and Security Informatics, (EuroISI 2008), 3-5 Dec., Berlin, Germany: Springer-Verlag, pp. 204-215.
18. Y. Elovici, A. Shabtai, R. Moskovitch, G. Tahan, and C. Glezer., "Applying Machine Learning Techniques for Detection of Malicious Code in Network Traffic", Proceedings of the 30th annual German conference on Advances in Artificial Intelligence, KI 2007, 10-13 Sept., Berlin, Germany: Springer-Verlag, pp. 44-50.
19. T. Abou-Assaleh, N. Cercone, V. Keselj, and R. Sweidan, "N-gram-based detection of new malicious code," Proceedings of the 28th Annual International Computer Software and Applications Conference. COMPSAC 2004, 28-30 Sept., Los Alamitos, CA, USA: IEEE Computer Society, pp. 41-42.
20. M. Siddiqui, M. Wang, and J. Lee, "Detecting Trojans Using Data Mining Techniques," Wireless Networks, Information Processing and Systems, 2009, pp. 400-411.
21. J. Wang, P. Deng, Y. Fan, L. Jaw, and Y. Liu, "Virus detection using data mining techniques," Proceedings of International Carnahan Conference on Security Technology, 14-16 Oct. 2003, Piscataway, NJ, USA: IEEE, pp. 71-76.
22. R. Moskovitch, D. Stopel, C. Feher, N. Nissim, and Y. Elovici, "Unknown malcode detection via text categorization and the imbalance problem," International Conference on Intelligence and Security Informatics, (ISI 2008), 17-20 June, Piscataway, NJ, USA: IEEE, pp. 156-161
23. N. Lavesson, M. Boldt, P. Davidsson and A. Jacobsson, "Learning to Detect Spware using End User License Agreements," Knowledge and Information Systems, in press.
24. J.Z. Kolter and M.A. Maloof, "Learning to detect malicious executables in the wild", Proceedings of the 10th International Conference on Knowledge Discovery and Data Mining, KDD 2004, 22-25 Aug., Seattle, WA, United states: ACM, pp. 470-478.
25. D. Reddy, S. Dash, and A. Pujari, "New Malicious Code Detection Using Variable Length n-grams," Information Systems Security, 2006, pp. 276-288.
26. Isaksson, M. Wallman, H. Göransson, and M. Gustafsson, "Cross-validation and bootstrapping are unreliable in small sample classification," Pattern Recognition Letters, vol. 29, Oct. 2008, pp. 1960-1965.
27. Download, http://download.com [accessed 2009-05-17].
28. Spyware Guide, http://Spywareguide.com [accessed 2009-04-23].
29. Linux/Unix Command: xxd, http://linux.about.com/library/cmd/blcmdl1-xxd. htm [accessed 2009-04-26].
30. F. Provost, T. Fawcett and R. Kohavi.," The Case against Accuracy Estimation for Comparing Induction Algorithms". Proceedings of the Fifteenth international Conference on Machine Learning, ICML 1998, 24-27 July, San Francisco, CA, USA: Morgan Kaufmann Publishers, pp. 445-453.