Automated Spyware Collection and Analysis
Identifieur interne : 004507 ( Istex/Curation ); précédent : 004506; suivant : 004508Automated Spyware Collection and Analysis
Auteurs : Andreas Stamminger [États-Unis] ; Christopher Kruegel [États-Unis] ; Giovanni Vigna [États-Unis] ; Engin Kirda [France]Source :
- Lecture Notes in Computer Science [ 0302-9743 ] ; 2009.
Abstract
Abstract: Various online studies on the prevalence of spyware attest overwhelming numbers (up to 80%) of infected home computers. However, the term spyware is ambiguous and can refer to anything from plug-ins that display advertisements to software that records and leaks user input. To shed light on the true nature of the spyware problem, a recent measurement paper attempted to quantify the extent of spyware on the Internet. More precisely, the authors crawled the web and analyzed the executables that were downloaded. For this analysis, only a single anti-spyware tool was used. Unfortunately, this is a major shortcoming as the results from this single tool neither capture the actual amount of the threat, nor appropriately classify the functionality of suspicious executables in many cases. For our analysis, we developed a fully-automated infrastructure to collect and install executables from the web. We use three different techniques to analyze these programs: an online database of spyware-related identifiers, signature-based scanners, and a behavior-based malware detection technique. We present the results of a measurement study that lasted about ten months. During this time, we crawled over 15 million URLs and downloaded 35,853 executables. Almost half of the spyware samples we found were not recognized by the tool used in previous work. Moreover, a significant fraction of the analyzed programs (more than 80%) was incorrectly classified. This underlines that our measurement results are more comprehensive and precise than those of previous approaches, allowing us to draw a more accurate picture of the spyware threat.
Url:
DOI: 10.1007/978-3-642-04474-8_17
Links toward previous steps (curation, corpus...)
- to stream Istex, to step Corpus: Pour aller vers cette notice dans l'étape Curation :004507
Links to Exploration step
ISTEX:61960D782C55BD44DD61B2F14277691782E61EB2Le document en format XML
<record><TEI wicri:istexFullTextTei="biblStruct"><teiHeader><fileDesc><titleStmt><title xml:lang="en">Automated Spyware Collection and Analysis</title><author><name sortKey="Stamminger, Andreas" sort="Stamminger, Andreas" uniqKey="Stamminger A" first="Andreas" last="Stamminger">Andreas Stamminger</name><affiliation wicri:level="4"><mods:affiliation>University of California, Santa Barbara</mods:affiliation><country>États-Unis</country><placeName><settlement type="city">Santa Barbara (Californie)</settlement><region type="state">Californie</region></placeName><orgName type="university">Université de Californie à Santa Barbara</orgName><orgName type="institution">Université de Californie</orgName></affiliation><affiliation wicri:level="1"><mods:affiliation>E-mail: as@cs.ucsb.edu</mods:affiliation><country wicri:rule="url">États-Unis</country></affiliation></author><author><name sortKey="Kruegel, Christopher" sort="Kruegel, Christopher" uniqKey="Kruegel C" first="Christopher" last="Kruegel">Christopher Kruegel</name><affiliation wicri:level="4"><mods:affiliation>University of California, Santa Barbara</mods:affiliation><country>États-Unis</country><placeName><settlement type="city">Santa Barbara (Californie)</settlement><region type="state">Californie</region></placeName><orgName type="university">Université de Californie à Santa Barbara</orgName><orgName type="institution">Université de Californie</orgName></affiliation><affiliation wicri:level="1"><mods:affiliation>E-mail: chris@cs.ucsb.edu</mods:affiliation><country wicri:rule="url">États-Unis</country></affiliation></author><author><name sortKey="Vigna, Giovanni" sort="Vigna, Giovanni" uniqKey="Vigna G" first="Giovanni" last="Vigna">Giovanni Vigna</name><affiliation wicri:level="4"><mods:affiliation>University of California, Santa Barbara</mods:affiliation><country>États-Unis</country><placeName><settlement type="city">Santa Barbara (Californie)</settlement><region type="state">Californie</region></placeName><orgName type="university">Université de Californie à Santa Barbara</orgName><orgName type="institution">Université de Californie</orgName></affiliation><affiliation wicri:level="1"><mods:affiliation>E-mail: vigna@cs.ucsb.edu</mods:affiliation><country wicri:rule="url">États-Unis</country></affiliation></author><author><name sortKey="Kirda, Engin" sort="Kirda, Engin" uniqKey="Kirda E" first="Engin" last="Kirda">Engin Kirda</name><affiliation wicri:level="1"><mods:affiliation>Institut Eurecom, France</mods:affiliation><country xml:lang="fr">France</country><wicri:regionArea>Institut Eurecom</wicri:regionArea></affiliation><affiliation wicri:level="1"><mods:affiliation>E-mail: kirda@eurecom.fr</mods:affiliation><country wicri:rule="url">France</country></affiliation></author></titleStmt><publicationStmt><idno type="wicri:source">ISTEX</idno><idno type="RBID">ISTEX:61960D782C55BD44DD61B2F14277691782E61EB2</idno><date when="2009" year="2009">2009</date><idno type="doi">10.1007/978-3-642-04474-8_17</idno><idno type="url">https://api.istex.fr/document/61960D782C55BD44DD61B2F14277691782E61EB2/fulltext/pdf</idno><idno type="wicri:Area/Istex/Corpus">004507</idno><idno type="wicri:explorRef" wicri:stream="Istex" wicri:step="Corpus" wicri:corpus="ISTEX">004507</idno><idno type="wicri:Area/Istex/Curation">004507</idno></publicationStmt><sourceDesc><biblStruct><analytic><title level="a" type="main" xml:lang="en">Automated Spyware Collection and Analysis</title><author><name sortKey="Stamminger, Andreas" sort="Stamminger, Andreas" uniqKey="Stamminger A" first="Andreas" last="Stamminger">Andreas Stamminger</name><affiliation wicri:level="4"><mods:affiliation>University of California, Santa Barbara</mods:affiliation><country>États-Unis</country><placeName><settlement type="city">Santa Barbara (Californie)</settlement><region type="state">Californie</region></placeName><orgName type="university">Université de Californie à Santa Barbara</orgName><orgName type="institution">Université de Californie</orgName></affiliation><affiliation wicri:level="1"><mods:affiliation>E-mail: as@cs.ucsb.edu</mods:affiliation><country wicri:rule="url">États-Unis</country></affiliation></author><author><name sortKey="Kruegel, Christopher" sort="Kruegel, Christopher" uniqKey="Kruegel C" first="Christopher" last="Kruegel">Christopher Kruegel</name><affiliation wicri:level="4"><mods:affiliation>University of California, Santa Barbara</mods:affiliation><country>États-Unis</country><placeName><settlement type="city">Santa Barbara (Californie)</settlement><region type="state">Californie</region></placeName><orgName type="university">Université de Californie à Santa Barbara</orgName><orgName type="institution">Université de Californie</orgName></affiliation><affiliation wicri:level="1"><mods:affiliation>E-mail: chris@cs.ucsb.edu</mods:affiliation><country wicri:rule="url">États-Unis</country></affiliation></author><author><name sortKey="Vigna, Giovanni" sort="Vigna, Giovanni" uniqKey="Vigna G" first="Giovanni" last="Vigna">Giovanni Vigna</name><affiliation wicri:level="4"><mods:affiliation>University of California, Santa Barbara</mods:affiliation><country>États-Unis</country><placeName><settlement type="city">Santa Barbara (Californie)</settlement><region type="state">Californie</region></placeName><orgName type="university">Université de Californie à Santa Barbara</orgName><orgName type="institution">Université de Californie</orgName></affiliation><affiliation wicri:level="1"><mods:affiliation>E-mail: vigna@cs.ucsb.edu</mods:affiliation><country wicri:rule="url">États-Unis</country></affiliation></author><author><name sortKey="Kirda, Engin" sort="Kirda, Engin" uniqKey="Kirda E" first="Engin" last="Kirda">Engin Kirda</name><affiliation wicri:level="1"><mods:affiliation>Institut Eurecom, France</mods:affiliation><country xml:lang="fr">France</country><wicri:regionArea>Institut Eurecom</wicri:regionArea></affiliation><affiliation wicri:level="1"><mods:affiliation>E-mail: kirda@eurecom.fr</mods:affiliation><country wicri:rule="url">France</country></affiliation></author></analytic><monogr></monogr><series><title level="s">Lecture Notes in Computer Science</title><imprint><date>2009</date></imprint><idno type="ISSN">0302-9743</idno><idno type="eISSN">1611-3349</idno><idno type="ISSN">0302-9743</idno></series><idno type="istex">61960D782C55BD44DD61B2F14277691782E61EB2</idno><idno type="DOI">10.1007/978-3-642-04474-8_17</idno><idno type="ChapterID">17</idno><idno type="ChapterID">Chap17</idno></biblStruct></sourceDesc><seriesStmt><idno type="ISSN">0302-9743</idno></seriesStmt></fileDesc><profileDesc><textClass></textClass><langUsage><language ident="en">en</language></langUsage></profileDesc></teiHeader><front><div type="abstract" xml:lang="en">Abstract: Various online studies on the prevalence of spyware attest overwhelming numbers (up to 80%) of infected home computers. However, the term spyware is ambiguous and can refer to anything from plug-ins that display advertisements to software that records and leaks user input. To shed light on the true nature of the spyware problem, a recent measurement paper attempted to quantify the extent of spyware on the Internet. More precisely, the authors crawled the web and analyzed the executables that were downloaded. For this analysis, only a single anti-spyware tool was used. Unfortunately, this is a major shortcoming as the results from this single tool neither capture the actual amount of the threat, nor appropriately classify the functionality of suspicious executables in many cases. For our analysis, we developed a fully-automated infrastructure to collect and install executables from the web. We use three different techniques to analyze these programs: an online database of spyware-related identifiers, signature-based scanners, and a behavior-based malware detection technique. We present the results of a measurement study that lasted about ten months. During this time, we crawled over 15 million URLs and downloaded 35,853 executables. Almost half of the spyware samples we found were not recognized by the tool used in previous work. Moreover, a significant fraction of the analyzed programs (more than 80%) was incorrectly classified. This underlines that our measurement results are more comprehensive and precise than those of previous approaches, allowing us to draw a more accurate picture of the spyware threat.</div></front></TEI></record>Pour manipuler ce document sous Unix (Dilib)
EXPLOR_STEP=$WICRI_ROOT/Ticri/CIDE/explor/TelematiV1/Data/Istex/Curation
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 004507 | SxmlIndent | more
Ou
HfdSelect -h $EXPLOR_AREA/Data/Istex/Curation/biblio.hfd -nk 004507 | SxmlIndent | more
Pour mettre un lien sur cette page dans le réseau Wicri
{{Explor lien
|wiki= Ticri/CIDE
|area= TelematiV1
|flux= Istex
|étape= Curation
|type= RBID
|clé= ISTEX:61960D782C55BD44DD61B2F14277691782E61EB2
|texte= Automated Spyware Collection and Analysis
}}
| This area was generated with Dilib version V0.6.31. |  |