NetSpy: Automatic generation of spyware signatures for NIDS

Hao Wang, Somesh Jha, Vinod Ganapathy

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

27 Scopus citations

Abstract

We present NetSpy, a tool to automatically generate network-level signatures for spyware. NetSpy determines whether an untrusted program is spyware by correlating user input with network traffic generated by the untrusted program. If classified as spyware, NetSpy also generates a signature characterizing the malicious substrate of the spyware's network behavior. Such a signature can be used by network intrusion detection systems to detect spyware installations in large networks. In our experiments, NetSpy precisely identified each of the 1 spyware programs that we considered and generated network-level signatures for them. Of the 9 supposedly benign programs that we considered, NetSpy correctly characterized 6 of them as benign. The remaining 3 programs showed network behavior that was highly suggestive of spying activity.

Original language: English (US)
Title of host publication: Proceedings - Annual Computer Security Applications Conference, ACSAC
Pages: 99-108
Number of pages: 10
State: Published - 2006
Externally published: Yes
Event: 22nd Annual Computer Security Applications Conference, ACSAC 2006 - Miami Beach, FL, United States
Duration: Dec 11 2006 to Dec 15 2006

Publication series

Name: Proceedings - Annual Computer Security Applications Conference, ACSAC
ISSN (Print): 1063-9527

Other

Other: 22nd Annual Computer Security Applications Conference, ACSAC 2006
Country/Territory: United States
City: Miami Beach, FL
Period: 12/11/06 to 12/15/06

All Science Journal Classification (ASJC) codes

  • Software
  • General Engineering
