NetSpy: Automatic Generation of Spyware Signatures for NIDS

A
ACSAC
2006
22nd Annual Computer Security Applications Conference (ACSAC'06)
Abstract - NetSpy: Automatic Generation of Spyware Signatures for NIDS

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Hao Wang Articles by Somesh Jha Articles by Vinod Ganapathy

22nd Annual Computer Security Applications Conference (ACSAC'06)

Miami Beach, Florida, USA

December 11-December 15

ISBN: 0-7695-2716-7

	ASCII Text	x
	Hao Wang, Somesh Jha, Vinod Ganapathy, "NetSpy: Automatic Generation of Spyware Signatures for NIDS," Computer Security Applications Conference, Annual, pp. 99-108, 22nd Annual Computer Security Applications Conference (ACSAC'06), 2006.

	BibTex	x
	@article{ 10.1109/ACSAC.2006.34, author = {Hao Wang and Somesh Jha and Vinod Ganapathy}, title = {NetSpy: Automatic Generation of Spyware Signatures for NIDS}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2006}, issn = {1063-9527}, pages = {99-108}, doi = {http://doi.ieeecomputersociety.org/10.1109/ACSAC.2006.34}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - NetSpy: Automatic Generation of Spyware Signatures for NIDS SN - 1063-9527 SP99 EP108 A1 - Hao Wang, A1 - Somesh Jha, A1 - Vinod Ganapathy, PY - 2006 KW - null VL - 0 JA - Computer Security Applications Conference, Annual ER -

Hao Wang, University of Wisconsin-Madison, USA

Somesh Jha, University of Wisconsin-Madison, USA

Vinod Ganapathy, University of Wisconsin-Madison, USA

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ACSAC.2006.34

We present NetSpy, a tool to automatically generate network-level signatures for spyware. NetSpy determines whether an untrusted program is spyware by correlating user input with network traffic generated by the untrusted program. If classified as spyware, NetSpy also generates a signature characterizing the malicious substrate of the spyware?s network behavior. Such a signature can be used by network intrusion detection systems to detect spyware installations in large networks.

In our experiments, NetSpy precisely identified each of the 7 spyware programs that we considered and generated network-level signatures for them. Of the 9 supposedly-benign programs that we considered, NetSpy correctly characterized 6 of them as benign. The remaining 3 programs showed network behavior that was highly suggestive of spying activity.

Citation:

Hao Wang, Somesh Jha, Vinod Ganapathy, "NetSpy: Automatic Generation of Spyware Signatures for NIDS," acsac, pp.99-108, 22nd Annual Computer Security Applications Conference (ACSAC'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.