Abstract
A particular type of spyware that covertly uses the user's events, such as keyloggers and password stealers, has become a major threat to Internet users. Because spyware is so prevalent, a user's private information can easily be exposed to an attacker. Conventional anti-spyware programs rely on signatures to defend against spyware. Unfortunately, this mechanism cannot detect unknown spyware. In this paper, we propose a spyware detection mechanism, called HoneyID, which can detect unknown spyware using an enticement strategy. HoneyID generates bogus events to trigger the spyware's actions and then detects hidden spyware among the running processes by identifying those that operate abnormally. We implemented the HoneyID mechanism on Windows and evaluated its effectiveness against 6 different known spyware programs (3 keyloggers and 3 FTP password sniffers). From this study, we show that HoneyID can be effective at detecting unknown spyware with high accuracy.
Keywords
- Reaction Degree
- Event Trap
- USENIX Security Symposium
- 15th USENIX Security
- 15th USENIX Security Symposium
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Copyright information
© 2008 IFIP International Federation for Information Processing
About this paper
Cite this paper
Han, J., Kwon, J., Lee, H. (2008). HoneyID: Unveiling Hidden Spywares by Generating Bogus Events. In: Jajodia, S., Samarati, P., Cimato, S. (eds) Proceedings of The IFIP TC 11 23rd International Information Security Conference. SEC 2008. IFIP – The International Federation for Information Processing, vol 278. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-09699-5_43
DOI: https://doi.org/10.1007/978-0-387-09699-5_43
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-09698-8
Online ISBN: 978-0-387-09699-5
eBook Packages: Computer Science, Computer Science (R0)